Big problem with my PC, HijackThis report
stoukboy, 1345 posts, status: Member
jlpjlp, 52399 posts, status: Security contributor
Hello,
I'd like some help because my PC has several problems:
1. I have the feeling there is a virus, trojan, ... on my PC, given the general stability of the whole thing.
2. the most important: I have a big graphics driver problem; I tried reinstalling the drivers really cleanly and there are still problems. It ranges from a bug during a game to the display properties window that looks like a mess.
3. I have a recurring Windows update that doesn't install when the PC shuts down.
I'm posting a HijackThis report here to start with:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:24, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
E:\Azureus\Azureus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\WinRAR\WinRAR.exe
F:\Rar$EX00.453\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HP52A9C2 HP0017A452A9C2
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bitdefender.fr/
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED06200-B1DE-461E-A130-545249899506}: NameServer = 192.168.1.1,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{94391837-E9E6-46AA-BC33-B6E19D4C0135}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0FEA7D6-E801-4DFD-AA41-D14F47BE3710}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
Here now is my config in detail:
Version du plugin
3.5.1 build 0
Version de la base
10
Date de la détection
03/07/2009 13:27
Nom de la machine
gregoire
Système d'exploitation
Windows XP Edition familliale (build 2600) Service Pack 3
Navigateur web par défaut: Mozilla Firefox
Client e-mail par défaut: Windows Live Mail
Client de groupes de discussions par défaut: Outlook Express
Antivirus: Kaspersky Internet Security 8.0.0.506
Pare-feu:Kaspersky Internet Security 8.0.0.506
Carte mère
SMBios version 2.4
ASUSTeK Computer INC. P5B-Deluxe Rev 1.xx
Bios: American Megatrends Inc. 1226 11/23/2007 taille: 1024Kb
Chipset
Northbridge: Intel P965/G965
Southbridge: Intel 82801HB/HR (ICH8/R)
Processeur
Intel Core 2 Duo E6300 Conroe Socket 775 LGA (@65 nm) 1866 Mhz ( L1I: 2 x 32 Ko, L1D: 2 x 32 Ko, L2: 2048 Ko )
Mémoire
Mémoire physique totale: 2048 Mo, Type: DDR2, @350.0MHz, 5.0-6-6-18-2T
DDR2 Kingmax Semiconductor KLCD48F-A8KL5 1024 Mo PC2-5300 (333 Mhz) (5.0-5-5-15)
DDR2 Kingmax Semiconductor KLCD48F-A8KL5 1024 Mo PC2-5300 (333 Mhz) (5.0-5-5-15)
Carte Graphique
nVidia Corporation G92 [GeForce 9800 GT] (512 Mo)
Péripheriques IDE
Hitachi HDT725032VLA360 V54OA52A (SATA II, 298.09 Go, tampon: 14 Mo)
Lecteurs CD/DVD
PIONEER DVD-RW DVR-112D1.06
Disque dur
Hitachi HDT725032VLA360 (298.09Go)
Cartes PCI/AGP
Stockage
Intel Corporation:82801H (ICH8 Family) 4 port SATA IDE Controller
Intel Corporation:82801H (ICH8 Family) 2 port SATA IDE Controller
JMicron Technologies, Inc.:20360/20363 Serial ATA Controller: P5B [JMB363]
Réseau
Marvell Technology Group Ltd.:88E8056 PCI-E Gigabit Ethernet Controller
Marvell Technology Group Ltd.:88E8001 Gigabit Ethernet Controller: Marvell 88E8001 Gigabit Ethernet Controller (Asus)
Affichage
nVidia Corporation:G92 [GeForce 9800 GT]
Multimedia
Intel Corporation:82801H (ICH8 Family) HD Audio Controller: P5B
Brooktree Corporation:Bt878 Video Capture: WinTV Series
Brooktree Corporation:Bt878 Audio Capture: WinTV Series
Ponts
Intel Corporation:82P965/G965 Memory Controller Hub: P5B
Intel Corporation:82P965/G965 PCI Express Root Port: 82P965/G965 PCI Express Root Port
Intel Corporation:82801H (ICH8 Family) PCI Express Port 1: 82801H (ICH8 Family) PCI Express Port 1
Intel Corporation:82801H (ICH8 Family) PCI Express Port 5: 82801H (ICH8 Family) PCI Express Port 5
Intel Corporation:82801H (ICH8 Family) PCI Express Port 6: 82801H (ICH8 Family) PCI Express Port 6
Intel Corporation:82801 PCI Bridge: 82801 PCI Bridge
Intel Corporation:82801HB/HR (ICH8/R) LPC Interface Controller: P5B
Bus Series
Intel Corporation:82801H (ICH8 Family) USB UHCI Controller #4: P5B
Intel Corporation:82801H (ICH8 Family) USB UHCI Controller #5: P5B
Intel Corporation:82801H (ICH8 Family) USB2 EHCI Controller #2: P5B
Intel Corporation:82801H (ICH8 Family) USB UHCI Controller #1: P5B
Intel Corporation:82801H (ICH8 Family) USB UHCI Controller #2: P5B
Intel Corporation:82801H (ICH8 Family) USB UHCI Controller #3: P5B
Intel Corporation:82801H (ICH8 Family) USB2 EHCI Controller #1: P5B
Intel Corporation:82801H (ICH8 Family) SMBus Controller: P5B
Texas Instruments:TSB43AB22/A IEEE-1394a-2000 Controller (PHY/Link): P5W DH Deluxe Motherboard
Périphérique USB
Logitech, Inc. LX710 Cordless Desktop Laser (Périphérique USB composite)
Logitech, Inc. LX710 Cordless Desktop Laser (Périphérique d'interface utilisateur USB)
Logitech, Inc. LX710 Cordless Desktop Laser (Périphérique d'interface utilisateur USB)
Cambridge Silicon Radio, Ltd Bluetooth Dongle (HCI mode) (Generic Bluetooth Radio)
Realtek Semiconductor Corp. RTL8187 Wireless Adapter
Clavier
Périphérique clavier PIH
Souris
Souris HID
Ecran(s)
Écran Plug-and-Play( HC194D)
Thanks if anyone can help me, I'd be very grateful.
Greg
PS: antivirus: Kaspersky 2009
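As an added example (not from this thread, and not part of HijackThis), here is a small Python triage script that applies the checks a helper applies by eye to a log like the one above: dangling O2/O9/O23 entries whose file is gone, services with no publisher, O4 autostarts from system32 that are not standard Windows binaries (the kind the reply asks to have hash-checked), sites in the IE Trusted Zone, O17 DNS servers outside the home LAN, and every DLL injected through AppInit_DLLs. It runs on a constructed excerpt modelled on the posted log; the system32 allowlist, the RFC 1918 "home LAN" rule and the {CONSTRUCTED-0000} interface with its 203.0.113.5 server are assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed excerpt in HijackThis v2 format, modelled on the entry types in the
# log above. The {CONSTRUCTED-0000} interface and its 203.0.113.5 DNS server are
# made up to exercise the DNS check (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: http://www.msi.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED06200-B1DE-461E-A130-545249899506}: NameServer = 192.168.1.1,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-0000}: NameServer = 203.0.113.5
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: on a home PC the per-adapter NameServer normally points at the
# router, so a resolver outside RFC 1918 space deserves a second look.
LAN_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
              ip_network("192.168.0.0/16")]

# Assumption: a small allowlist of Windows binaries that legitimately autostart
# from system32; anything else launched from there is worth a hash lookup.
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe", "rundll32.exe"}

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")


def parse_line(line):
    """Split a HijackThis entry into (section code, body); None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line
    return m.group(1), m.group(2)


def first_exe(body):
    """Lower-cased path of the first drive-rooted .exe named in an entry body."""
    m = re.search(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', body, re.IGNORECASE)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Walk a HijackThis log and return (section, reason, entry) findings."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        sec, body = parsed
        # Registrations whose target no longer exists: stale, safe to clean up.
        if sec in ("O2", "O9", "O23") and ("(no file)" in body or "(file missing)" in body):
            findings.append((sec, "dangling entry, target file absent", body))
        if sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service without publisher information", body))
        if sec == "O4":
            exe = first_exe(body)
            if exe and "\\system32\\" in exe and exe.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM32_AUTOSTART:
                findings.append((sec, "non-standard autostart in system32, check its hash", body))
        if sec == "O15":
            # Trusted Zone sites get relaxed IE security settings.
            findings.append((sec, "site in IE Trusted Zone", body))
        if sec == "O17" and "NameServer =" in body:
            for server in body.split("NameServer =", 1)[1].split(","):
                addr = ip_address(server.strip())
                if not any(addr in net for net in LAN_RANGES):
                    findings.append((sec, f"DNS server {addr} outside the LAN", body))
        if sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every user-mode process: list each one.
            for dll in body.split(":", 1)[1].split(","):
                findings.append((sec, "DLL injected into every process via AppInit_DLLs", dll.strip()))
    return findings


if __name__ == "__main__":
    for sec, reason, entry in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}: {entry}")
```

Run it against a full saved log by passing the file contents to triage(); entries it does not flag (plain O4 entries under Program Files, LAN DNS servers, services with a named publisher) are left for manual review.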
12 replies
hi
does Kaspersky find any infections? do you have a report from it?
_________
analyse this file on VirusTotal and paste the report: https://www.virustotal.com/gui/
C:\WINDOWS\system32\winsys2.exe
_________
scan with Malwarebytes, do a thorough scan, paste the report you get and remove what is found:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised in the taskbar).
NB: The reports are saved in the C:\rsit folder
Hi,
First of all, thanks for replying.
Here is what you asked for:
"analyse this file on VirusTotal and paste the report: https://www.virustotal.com/gui/
C:\WINDOWS\system32\winsys2.exe "
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.07.03 -
AhnLab-V3 5.0.0.2 2009.07.03 -
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.03 -
Avast 4.8.1335.0 2009.07.03 -
AVG 8.5.0.386 2009.07.03 -
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.03 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5665 2009.07.03 -
McAfee+Artemis 5665 2009.07.03 -
McAfee-GW-Edition 6.8.5 2009.07.03 -
Microsoft 1.4803 2009.07.03 -
NOD32 4214 2009.07.03 -
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.03 -
Panda 10.0.0.14 2009.07.03 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.03 -
Rising 21.36.44.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.03 -
Information additionnelle
File size: 208896 bytes
MD5 : 27949ccd505a6be082d15547b1dff90d
SHA1 : 569f27f34d53ec7f3eb0151108f3d4f0b4e54140
SHA256: 7c47e876766ecd62aad68812a40f30bad56a32d994cc16a116b8d3c4ea30ee82
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10214
timedatestamp.....: 0x478FF7FE (Fri Jan 18 01:51:10 2008)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20996 0x21000 6.65 2bd762b046ea4317483b547ed7ae2d7f
.rdata 0x22000 0x7CFE 0x8000 4.90 1f93dbb50db9c21acda7c7c1888d93e8
.data 0x2A000 0x8FD4 0x3000 3.31 2bc8669cfae0847f14f5e0b842c89897
CONST 0x33000 0x1F 0x1000 0.09 e1c91d3ead8e57dca21253f563c750c1
.rsrc 0x34000 0x48A8 0x5000 4.41 46abb0b06f7f2c3453dea7320e86064f
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
ThreatExpert: https://www.symantec.com?md5=27949ccd505a6be082d15547b1dff90d
ssdeep: 3072:AQNGGM2V/Oa49QFb+s6+6WKYy2YJfGnFGY2IKmistUtcQrvkpTQ7:APGlk59QFbj6+6oyjJfrY2IKHbrMm
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
"scan with Malwarebytes, do a thorough scan, paste the report you get and remove what is found: "
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2374
Windows 5.1.2600 Service Pack 3
05/07/2009 11:26:38
mbam-log-2009-07-05 (11-26-38).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 291403
Temps écoulé: 1 hour(s), 6 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\motorola phone tools\MPT_TEST_Info.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Poste le contenu de log.txt (<<qui sera affiché)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Greg at 2009-07-05 11:28:37
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 2 GB (10%) free of 20 GB
Total RAM: 2047 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:44, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Malwarebytes' Anti-Malware\mbam.exe
E:\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\msxml4-KB954430-enu.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Telechargements\RSIT.exe
F:\Rar$EX00.453\Greg.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HP52A9C2 HP0017A452A9C2
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bitdefender.fr/
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED06200-B1DE-461E-A130-545249899506}: NameServer = 192.168.1.1,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{94391837-E9E6-46AA-BC33-B6E19D4C0135}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0FEA7D6-E801-4DFD-AA41-D14F47BE3710}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
First of all, thank you for replying.
Here is what you asked me for:
"scan this file on VirusTotal and paste the report: https://www.virustotal.com/gui/
C:\WINDOWS\system32\winsys2.exe "
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.07.03 -
AhnLab-V3 5.0.0.2 2009.07.03 -
AntiVir 7.9.0.204 2009.07.03 -
Antiy-AVL 2.0.3.1 2009.07.03 -
Authentium 5.1.2.4 2009.07.03 -
Avast 4.8.1335.0 2009.07.03 -
AVG 8.5.0.386 2009.07.03 -
BitDefender 7.2 2009.07.03 -
CAT-QuickHeal 10.00 2009.07.03 -
ClamAV 0.94.1 2009.07.03 -
Comodo 1538 2009.07.02 -
DrWeb 5.0.0.12182 2009.07.03 -
eSafe 7.0.17.0 2009.07.02 -
eTrust-Vet 31.6.6596 2009.07.03 -
F-Prot 4.4.4.56 2009.07.03 -
F-Secure 8.0.14470.0 2009.07.03 -
Fortinet 3.117.0.0 2009.07.03 -
GData 19 2009.07.03 -
Ikarus T3.1.1.64.0 2009.07.03 -
Jiangmin 11.0.706 2009.07.03 -
K7AntiVirus 7.10.783 2009.07.03 -
Kaspersky 7.0.0.125 2009.07.03 -
McAfee 5665 2009.07.03 -
McAfee+Artemis 5665 2009.07.03 -
McAfee-GW-Edition 6.8.5 2009.07.03 -
Microsoft 1.4803 2009.07.03 -
NOD32 4214 2009.07.03 -
Norman 6.01.09 2009.07.03 -
nProtect 2009.1.8.0 2009.07.03 -
Panda 10.0.0.14 2009.07.03 -
PCTools 4.4.2.0 2009.07.03 -
Prevx 3.0 2009.07.03 -
Rising 21.36.44.00 2009.07.03 -
Sophos 4.43.0 2009.07.03 -
Sunbelt 3.2.1858.2 2009.07.02 -
Symantec 1.4.4.12 2009.07.03 -
TheHacker 6.3.4.3.360 2009.07.03 -
TrendMicro 8.950.0.1094 2009.07.03 -
VBA32 3.12.10.7 2009.07.03 -
ViRobot 2009.7.3.1818 2009.07.03 -
VirusBuster 4.6.5.0 2009.07.03 -
Information additionnelle
File size: 208896 bytes
MD5 : 27949ccd505a6be082d15547b1dff90d
SHA1 : 569f27f34d53ec7f3eb0151108f3d4f0b4e54140
SHA256: 7c47e876766ecd62aad68812a40f30bad56a32d994cc16a116b8d3c4ea30ee82
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10214
timedatestamp.....: 0x478FF7FE (Fri Jan 18 01:51:10 2008)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x20996 0x21000 6.65 2bd762b046ea4317483b547ed7ae2d7f
.rdata 0x22000 0x7CFE 0x8000 4.90 1f93dbb50db9c21acda7c7c1888d93e8
.data 0x2A000 0x8FD4 0x3000 3.31 2bc8669cfae0847f14f5e0b842c89897
CONST 0x33000 0x1F 0x1000 0.09 e1c91d3ead8e57dca21253f563c750c1
.rsrc 0x34000 0x48A8 0x5000 4.41 46abb0b06f7f2c3453dea7320e86064f
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
ThreatExpert: https://www.symantec.com?md5=27949ccd505a6be082d15547b1dff90d
ssdeep: 3072:AQNGGM2V/Oa49QFb+s6+6WKYy2YJfGnFGY2IKmistUtcQrvkpTQ7:APGlk59QFbj6+6oyjJfrY2IKHbrMm
PEiD : -
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
"scan with Malwarebytes, run a full scan, paste the report you get and remove whatever is found: "
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2374
Windows 5.1.2600 Service Pack 3
05/07/2009 11:26:38
mbam-log-2009-07-05 (11-26-38).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 291403
Temps écoulé: 1 hour(s), 6 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\motorola phone tools\MPT_TEST_Info.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Post the contents of log.txt (<< which will be displayed)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Greg at 2009-07-05 11:28:37
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 2 GB (10%) free of 20 GB
Total RAM: 2047 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:44, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Malwarebytes' Anti-Malware\mbam.exe
E:\Azureus\Azureus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\msxml4-KB954430-enu.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Telechargements\RSIT.exe
F:\Rar$EX00.453\Greg.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HP52A9C2 HP0017A452A9C2
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.bitdefender.fr/
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ED06200-B1DE-461E-A130-545249899506}: NameServer = 192.168.1.1,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{94391837-E9E6-46AA-BC33-B6E19D4C0135}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0FEA7D6-E801-4DFD-AA41-D14F47BE3710}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Motorola Driver Installation 3.2.0-->MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Music NFO Builder v1.20-->"C:\Program Files\Music NFO Builder\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Performance Drivers-->MsiExec.exe /I{4C0A8D65-4286-4B58-87FE-18AD24289285}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OCCT Perestroika 2.0.1-->"C:\Program Files\OCCT\unins000.exe"
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenTTD 0.7.1-->E:\TTD\uninstall.exe
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x40c
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Pinnacle MediaCenter-->"C:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe"UNINSTALL /l0x040c
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x40c UNINSTALL
PixiePack Codec Pack-->MsiExec.exe /I{621FCD24-4498-4324-A81E-07D331376EDF}
Plaxis 8.2 Update Pack 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB29BE83-1112-4219-8B29-559FB73E2BF8}\Setup.exe" -l0x9 ControlPanel
Plaxis 8.x-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B070BE0-4A7E-4914-8DF4-D5F1B3F9ED0E}\Setup.exe" -l0x9
Poker Indicator 2.2.7-->"E:\Poker Indicator\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RCT3 Soaked-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x40c
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
RollerCoaster Tycoon 2: Wacky Worlds-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1AD83A0-DC92-41E3-B111-E9472349768C}\Setup.exe" -l0x40c
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x40c
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x40c
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sins of a Solar Empire-->"C:\Documents and Settings\All Users\Application Data\{3ADC3395-6379-4C95-9292-30A373AC55BC}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire-->C:\Documents and Settings\All Users\Application Data\{3ADC3395-6379-4C95-9292-30A373AC55BC}\setup.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Test Drive Unlimited-->"E:\Atari\Test Drive Unlimited\unins000.exe"
Thermal Analysis Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2C675E-8040-431B-99C4-137DF4FBF75A}\setup.exe" -l0x9 -removeonly
Tom Clancy's H.A.W.X-->"C:\Program Files\InstallShield Installation Information\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}\setup.exe" -runfromtemp -l0x040c -removeonly
Total Recorder 7.0-->"E:\TotalRecorder\setup.exe" U
TrackMania Nations Forever-->"E:\Steam\steam.exe" steam://uninstall/11020
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->E:\Azureus\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
YouTUBE (TM) movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
======Hosts File======
HP52A9C2 HP0017A452A9C2
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
======System event log======
Computer Name: GREGOIRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.
Record Number: 13148
Source Name: Service Control Manager
Time Written: 20090525121106.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: GREGOIRE
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 13147
Source Name: Service Control Manager
Time Written: 20090525121053.000000+120
Event Type: Informations
User:
Computer Name: GREGOIRE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.
Record Number: 13146
Source Name: Service Control Manager
Time Written: 20090525121049.000000+120
Event Type: Informations
User: GREGOIRE\Greg
Computer Name: GREGOIRE
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 13145
Source Name: Service Control Manager
Time Written: 20090525121049.000000+120
Event Type: Informations
User:
Computer Name: GREGOIRE
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.
Record Number: 13144
Source Name: Service Control Manager
Time Written: 20090525121049.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: GREGOIRE
Event Code: 100
Message: wlmail (3028) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 4879
Source Name: ESENT
Time Written: 20081213145544.000000+060
Event Type: Informations
User:
Computer Name: GREGOIRE
Event Code: 102
Message: msnmsgr (3288) \\.\C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Messenger\stoukaytt@msn.com\SharingMetadata\Working\database_4248_F6C2_48F6_B3AF\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 4878
Source Name: ESENT
Time Written: 20081213144350.000000+060
Event Type: Informations
User:
Computer Name: GREGOIRE
Event Code: 100
Message: msnmsgr (3288) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 4877
Source Name: ESENT
Time Written: 20081213144350.000000+060
Event Type: Informations
User:
Computer Name: GREGOIRE
Event Code: 101
Message: msnmsgr (2876) Le moteur de base de données est arrêté.
Record Number: 4876
Source Name: ESENT
Time Written: 20081213130843.000000+060
Event Type: Informations
User:
Computer Name: GREGOIRE
Event Code: 103
Message: msnmsgr (2876) \\.\C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Messenger\stoukaytt@msn.com\SharingMetadata\Working\database_4248_F6C2_48F6_B3AF\dfsr.db: Le moteur de base de données a arrêté une instance (0).
Record Number: 4875
Source Name: ESENT
Time Written: 20081213130843.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;E:\IsoBuster;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Thanks
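The dump above ends with a Hosts File section in which every visible mapping sends a domain to 127.0.0.1, the usual look of a blocklist rather than of a hijack; the thing to look for when reading such a section is the opposite pattern, a name pointed at a routable address. The following audit script is an added example (not code from the post, from RSIT or from any tool named in this thread). The first four sample lines are copied from the dump; the remaining lines are constructed, with 203.0.113.0/24 (the RFC 5737 documentation range) standing in for an attacker-controlled public address and the hostnames on those lines hypothetical. The LAN-range list is my own choice.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: the first four lines are copied from the "Hosts File"
# section of the RSIT dump above; the last three are made up here so that the
# suspicious and LAN branches are exercised. 203.0.113.0/24 is the RFC 5737
# documentation range, standing in for an attacker-controlled public address,
# and the hostnames it carries are hypothetical.
SAMPLE_HOSTS = """
HP52A9C2 HP0017A452A9C2
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
203.0.113.7 www.example-av-update.invalid
::1 localhost
192.168.1.10 printer.lan   # a LAN device; harmless
"""

# RFC 1918 / link-local ranges: a hostname mapped here is usually a LAN device.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]


@dataclass
class HostsAudit:
    sinkholed: List[str] = field(default_factory=list)              # name -> loopback (blocklist style)
    local: List[Tuple[str, str]] = field(default_factory=list)       # (ip, name) on a private range
    redirected: List[Tuple[str, str]] = field(default_factory=list)  # (ip, name) to a routable address
    malformed: List[str] = field(default_factory=list)               # lines with no parsable IP


def audit_hosts(text: str) -> HostsAudit:
    """Bucket each hosts-file mapping; 'redirected' is the one worth a second look."""
    audit = HostsAudit()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            audit.malformed.append(line)      # first token is not an IP address
            continue
        names = fields[1:]
        if not names:
            audit.malformed.append(line)      # an IP with nothing mapped to it
            continue
        if ip.is_loopback:
            audit.sinkholed.extend(names)
        elif any(ip in net for net in LOCAL_NETS):
            audit.local.extend((str(ip), n) for n in names)
        else:
            audit.redirected.extend((str(ip), n) for n in names)
    return audit


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for ip, name in result.redirected:
        print(f"SUSPICIOUS: {name} -> {ip}")
    for line in result.malformed:
        print(f"MALFORMED: {line}")
```

The line `HP52A9C2 HP0017A452A9C2` lands in `malformed` because, as displayed in the dump, it has no address field; whether the dump truncated it or the file really contains it like that is something to check on the machine itself.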
paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Hi,
For BitDefender I don't have a report... but it didn't detect anything abnormal.
For Panda:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-06 00:14:04
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security 8.0.0.506 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00055560 Exploit/LoadImage HackTools No 0 Yes No E:\GRID\audio\speech\en\08_accidents\team9Term_2.raw
00055560 Exploit/LoadImage HackTools No 0 Yes No E:\GRID\audio\speech\it\Names_Player\man\Man_WD_N_42.raw
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Greg\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_20_09_2008_18_57_03.asq41
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{C5B0309A-2E56-4EEC-ABE0-678C69502691}\RP546\A0156621.sys
02990320 Application/BoontyGames HackTools Yes 0 Yes No C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Pinnacle\MediaCenter\Install\DivXPlayer\DivXPlay_ISV.exe
No E:\TechSmith\Camtasia Studio 5\Patch.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Thanks
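The Panda report above mixes four very different kinds of hit in one MALWARE table: one live file that is actually running (Boonty.exe, Active = Yes), a data file flagged by signature, a cookie already sitting in another tool's quarantine, and a driver inside a System Restore point. The script below is an added example (not code from the post, from Panda or from any tool in this thread) that parses that report layout and sorts the hits into those buckets, so that the live, undisinfected ones come out first. The column regex is inferred from the rows shown here, the path heuristics for restore points and quarantine folders are my own, and the embedded report is an abridged copy of the one posted above (one of the two identical Exploit/LoadImage rows dropped).

```python
import re
from dataclasses import dataclass
from typing import List

# Abridged copy of the Panda ActiveScan report posted above (one of the two
# identical Exploit/LoadImage rows dropped); paths and names are the poster's
# own, nothing here is invented.
SAMPLE_REPORT = r"""
ANALYSIS: 2009-07-06 00:14:04
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
PROTECTIONS
Description Version Active Updated
;===
Kaspersky Internet Security 8.0.0.506 Yes Yes
;===
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===
00055560 Exploit/LoadImage HackTools No 0 Yes No E:\GRID\audio\speech\en\08_accidents\team9Term_2.raw
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Greg\Application Data\Uniblue\SpyEraser\Quarantine\Cookie.BS.Serving-Sys_20_09_2008_18_57_03.asq41
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{C5B0309A-2E56-4EEC-ABE0-678C69502691}\RP546\A0156621.sys
02990320 Application/BoontyGames HackTools Yes 0 Yes No C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
;===
SUSPECTS
Sent Location
;===
No C:\Program Files\Pinnacle\MediaCenter\Install\DivXPlayer\DivXPlay_ISV.exe
No E:\TechSmith\Camtasia Studio 5\Patch.exe
;===
VULNERABILITIES
Id Severity Description
;===
"""

# Column layout inferred from the rows above: seven single-token fields, then
# a Location that may contain spaces.
MALWARE_ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<desc>\S+)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<sev>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<loc>.+)$"
)
SUSPECT_ROW = re.compile(r"^(?P<sent>Yes|No)\s+(?P<loc>.+)$")
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}


@dataclass
class Finding:
    description: str
    location: str
    active: bool
    disinfected: bool
    bucket: str  # "live", "restore_point", "quarantine" or "suspect"


def classify_path(path: str) -> str:
    """Heuristic (mine, not Panda's): where on disk does the hit live?"""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # inert unless System Restore reapplies that point
    if "\\quarantine\\" in p:
        return "quarantine"      # already neutralised by another tool
    return "live"


def parse_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # separators and the ;*** banner
            continue
        if line in SECTIONS:
            section = line
            continue
        if section == "MALWARE":
            m = MALWARE_ROW.match(line)        # the header row has no numeric Id, so it is skipped
            if m:
                findings.append(Finding(m["desc"], m["loc"], m["active"] == "Yes",
                                        m["disinfected"] == "Yes", classify_path(m["loc"])))
        elif section == "SUSPECTS":
            m = SUSPECT_ROW.match(line)        # "Sent Location" header does not match Yes|No
            if m:
                findings.append(Finding("Suspect", m["loc"], False, False, "suspect"))
    return findings


def needs_action(findings: List[Finding]) -> List[Finding]:
    """Live, still-undisinfected hits, running ones first."""
    return sorted(
        (f for f in findings if f.bucket == "live" and not f.disinfected),
        key=lambda f: (not f.active, f.description),
    )


if __name__ == "__main__":
    for f in needs_action(parse_report(SAMPLE_REPORT)):
        print(("RUNNING " if f.active else "on disk ") + f.description + "  " + f.location)
```

The `restore_point` bucket is why the poster's later "except ... A0156621.sys" is a reasonable call: a file under `System Volume Information\_restore` is a restore-point copy, and deleting it by hand is not needed; it goes away when the restore points are purged (on XP, by disabling and re-enabling System Restore) once the live system is clean. The `live` bucket is a starting point, not a verdict: a signature hit on a game's `.raw` audio file still deserves a second opinion before it is deleted.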
No, not at all.
I removed it, along with the rest (except C:\System Volume Information\_restore{C5B0309A-2E56-4EEC-ABE0-678C69502691}\RP546\A0156621.sys).
I reinstalled my graphics drivers and still the same problem.
Thanks
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the C:\ComboFix.txt report in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Good evening,
here is the report:
ComboFix 09-07-06.A0 - Greg 07/07/2009 19:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1445 [GMT 2:00]
Launched from: e:\telechargements\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\emMON.exe
c:\windows\Installer\522daf.msi
c:\windows\Installer\d94a505.msp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Files created from 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))))))))))
.
2009-07-07 08:29 . 2009-07-07 08:29 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-07 08:25 . 2008-06-27 07:39 332928 ----a-w- c:\windows\system32\drivers\RTL8187.sys
2009-07-05 16:47 . 2009-07-05 16:47 -------- d-----w- c:\program files\Fichiers communs\PocketSoft
2009-07-05 16:47 . 2002-02-27 16:50 197120 ----a-w- c:\windows\patchw32.dll
2009-07-05 16:38 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-05 16:38 . 2009-07-05 16:38 -------- d-----w- c:\program files\Panda Security
2009-07-05 09:28 . 2009-07-05 09:28 -------- d-----w- C:\rsit
2009-07-04 21:27 . 2009-07-04 21:27 -------- d-----w- c:\documents and settings\Greg\Application Data\Malwarebytes
2009-07-04 21:26 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 21:26 . 2009-07-04 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-04 21:26 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 07:50 . 2009-06-30 07:50 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\Microsoft Help
2009-06-23 20:42 . 2009-06-23 20:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-06-23 20:38 . 2009-04-30 20:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-23 20:38 . 2009-04-26 22:42 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-23 20:33 . 2009-05-18 09:00 208896 ----a-w- c:\windows\system32\WinSys2.exe
2009-06-23 20:33 . 2009-05-18 09:00 131072 ----a-w- c:\windows\system32\smdll.dll
2009-06-23 20:33 . 2009-04-30 20:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-23 20:33 . 2009-04-30 20:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-23 20:33 . 2009-04-30 20:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-23 20:33 . 2009-04-30 20:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-23 20:33 . 2009-05-18 09:00 1798144 ----a-w- c:\windows\system32\msicpl.dll
2009-06-23 20:33 . 2009-05-18 09:00 130048 ----a-w- c:\windows\system32\MadCHook.dll
2009-06-23 20:33 . 2009-04-30 20:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-06-23 20:33 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-23 20:33 . 2009-04-30 20:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-06-23 20:33 . 2009-05-18 09:00 32768 ----a-w- c:\windows\system32\Auxiliary.dll
2009-06-22 19:50 . 2009-04-30 20:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-06-22 14:08 . 2009-06-22 14:08 -------- d-----w- c:\documents and settings\Greg\Application Data\Sony Corporation
2009-06-22 13:45 . 2009-06-22 16:27 -------- d-----w- c:\documents and settings\Greg\Application Data\gtk-2.0
2009-06-22 13:45 . 2009-06-22 13:45 -------- d-----w- c:\documents and settings\Greg\.thumbnails
2009-06-22 13:43 . 2009-06-22 16:36 -------- d-----w- c:\documents and settings\Greg\.gimp-2.6
2009-06-22 13:43 . 2009-06-22 13:43 -------- d-----w- c:\documents and settings\Greg\.gegl-0.0
2009-06-21 22:53 . 2009-06-21 22:53 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-06-21 14:07 . 2006-06-12 01:30 89264 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2009-06-21 14:07 . 2006-03-17 06:35 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-06-21 14:07 . 2006-03-17 06:34 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2009-06-21 14:07 . 2006-03-17 03:20 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-06-21 14:07 . 2009-06-21 14:07 -------- d-----w- c:\windows\system32\DLA
2009-06-21 14:07 . 2006-06-13 03:20 94263 ----a-w- c:\windows\DLA.EXE
2009-06-21 14:07 . 2006-06-13 03:20 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-06-21 14:06 . 2006-11-02 14:57 118520 ----a-w- c:\windows\system32\PxInsI64.exe
2009-06-21 14:06 . 2006-10-18 17:43 115960 ----a-w- c:\windows\system32\PxCpyI64.exe
2009-06-21 14:05 . 2009-06-21 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-06-21 13:51 . 2009-06-21 13:51 -------- d-----w- c:\documents and settings\Greg\Application Data\Publish Providers
2009-06-21 13:51 . 2009-06-21 13:51 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\Sony
2009-06-21 13:51 . 2009-06-21 13:51 -------- d-----w- c:\documents and settings\Greg\Application Data\Sony
2009-06-21 13:47 . 2009-06-21 14:14 -------- d-----w- c:\program files\Sony
2009-06-21 13:41 . 2009-06-21 13:41 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\WMTools Downloaded Files
2009-06-21 13:18 . 2009-06-21 13:18 -------- d-----w- c:\documents and settings\Greg\Application Data\Xilisoft Corporation
2009-06-21 13:17 . 2009-06-21 13:17 -------- d-----w- c:\program files\Xilisoft
2009-06-21 10:54 . 2009-06-21 10:54 -------- d-----w- c:\program files\Music NFO Builder
2009-06-18 23:22 . 2009-06-18 23:22 -------- d-----w- c:\program files\YouTUBE (TM) movie downloader
2009-06-18 20:38 . 2009-06-18 20:43 -------- d-----w- c:\program files\No-IP
2009-06-17 23:20 . 2009-06-18 18:00 -------- d-----w- C:\Poker
2009-06-14 19:05 . 2009-06-14 19:05 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\Bizarre Creations
2009-06-11 16:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 22:17 . 2009-06-17 23:27 -------- d-----w- c:\program files\PartyGaming
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 17:06 . 2009-05-25 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-07 17:03 . 2009-05-25 10:06 917536 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-07 17:03 . 2009-05-25 10:06 6383136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 17:03 . 2009-05-25 10:06 6312 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-07 17:03 . 2009-05-25 10:06 54092 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 09:29 . 2008-06-23 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 17:24 . 2008-12-02 18:28 -------- d-----w- c:\documents and settings\Greg\Application Data\Atari
2009-07-05 17:24 . 2008-12-16 23:47 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-05 16:32 . 2008-06-24 17:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-05 16:06 . 2008-06-26 16:35 -------- d-----w- c:\documents and settings\Greg\Application Data\Azureus
2009-07-02 08:09 . 2008-12-04 00:09 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-23 20:41 . 2009-01-05 20:47 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-23 20:41 . 2009-01-05 20:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-22 15:09 . 2009-03-11 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-06-21 22:53 . 2008-10-05 15:08 -------- d-----w- c:\program files\DivX
2009-06-18 23:26 . 2009-01-10 14:38 -------- d-----w- c:\documents and settings\Greg\Application Data\Apple Computer
2009-06-18 20:59 . 2008-07-08 22:22 -------- d-----w- c:\program files\ma-config.com
2009-06-18 20:59 . 2008-07-08 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-17 16:18 . 2008-06-23 22:51 -------- d-----w- c:\program files\RocketDock
2009-06-14 00:52 . 2008-06-23 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 17:46 . 2008-06-23 20:56 76280 ----a-w- c:\documents and settings\Greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 23:11 . 2009-06-01 23:11 -------- d-----w- c:\program files\iPod
2009-06-01 23:11 . 2009-01-10 14:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-01 23:09 . 2009-01-10 14:35 -------- d-----w- c:\program files\QuickTime
2009-06-01 23:05 . 2009-06-01 23:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 11:36 . 2009-03-18 17:58 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 11:36 . 2009-01-10 14:35 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 10:13 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-25 10:13 . 2009-05-25 10:06 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-25 10:13 . 2009-05-25 10:06 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-25 10:13 . 2009-05-25 10:13 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-25 10:13 . 2009-05-25 10:13 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-25 10:13 . 2009-05-25 10:13 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-25 10:06 . 2009-05-25 10:06 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-25 09:59 . 2009-05-25 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-25 09:49 . 2008-07-15 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 09:00 . 2008-10-16 16:46 614400 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-14 17:05 . 2001-08-28 12:00 91540 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-14 17:05 . 2001-08-28 12:00 525078 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-14 17:04 . 2008-06-23 22:52 -------- d-----w- c:\program files\MSBuild
2009-05-14 17:04 . 2009-05-14 17:04 166744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-14 17:01 . 2009-05-14 17:01 -------- d-----w- c:\program files\Reference Assemblies
2009-05-14 16:59 . 2009-05-14 16:58 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-13 14:21 . 2008-06-23 22:05 121249 ----a-w- c:\windows\hpoins11.dat
2009-05-12 19:33 . 2008-10-21 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-05-12 13:12 . 2008-06-23 21:15 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-07 15:33 . 2001-08-28 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2008-06-23 20:53 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2008-06-23 20:53 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-29 04:45 . 2001-08-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2009-04-16 11:11 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-22 16:51 . 2009-04-22 16:51 307200 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\SeekLyrics.dll
2009-04-22 16:51 . 2009-04-22 16:51 286720 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\LyricsOnDemand.dll
2009-04-22 16:51 . 2009-04-22 16:50 311296 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\LyricsVault.dll
2009-04-22 16:50 . 2009-04-22 16:50 307200 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\LyricsDemon.dll
2009-04-22 16:50 . 2009-04-22 16:50 286720 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\AstraLyrics.dll
2009-04-22 16:50 . 2009-04-22 16:50 339968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\allmusic.dll
2009-04-22 16:50 . 2009-04-22 16:50 413696 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\amazon.dll
2009-04-22 16:50 . 2009-04-22 16:50 331776 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\sonybmg.dll
2009-04-22 16:50 . 2009-04-22 16:50 311296 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\musicline.dll
2009-04-22 16:50 . 2009-04-22 16:50 339968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\connect.dll
2009-04-22 16:50 . 2009-04-22 16:50 311296 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\mp3com.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-19 19:50 . 2001-08-28 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 12:57 . 2008-09-21 10:49 15100943 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-04-17 10:46 . 2009-04-17 10:46 171566 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_17_12_40_37_small.dmp.zip
2009-04-15 14:53 . 2001-08-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2002-08-29 08:44 165376 A0EE5C06390357FEE7B7949DBCA156D3 c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-25 206088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\GRID\\GRID.exe"=
"e:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"e:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"e:\\Steam\\steamapps\\common\\gti racing\\GTIRacing.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\iTunes\\iTunes.exe"=
"e:\\Tom Clancy's H.A.W.X\\HAWX.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 21:45 20616]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [05/07/2009 18:38 28544]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [28/04/2009 02:40 4440064]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [24/06/2008 19:13 110272]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [24/06/2008 00:36 433732]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [07/07/2009 10:25 332928]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [30/07/2008 15:02 120472]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 15:58 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [23/06/2008 23:14 17280]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bitdefender.com\kb
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: {94391837-E9E6-46AA-BC33-B6E19D4C0135} = 192.168.0.1
TCP: {C0FEA7D6-E801-4DFD-AA41-D14F47BE3710} = 192.168.0.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\mgqo95mq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\mgqo95mq.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: e:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:06
Windows 5.1.2600 Service Pack 3 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-839522115-1303643608-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:58,dc,97,a5,fd,07,e7,62,ae,1b,ef,e8,46,1c,ea,6f,c4,fd,df,bc,d5,6e,9d,
b2,b0,dc,18,0c,02,d3,05,c9,b7,ab,cd,64,10,b8,23,c0,03,36,0d,5a,5d,2b,11,c5,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-839522115-1303643608-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:9a,14,af,ec,85,6a,be,ba,81,0b,4e,43,89,38,9b,5f,07,2c,01,1b,f7,
db,a0,57,59,17,87,3e,76,8b,e0,5d,4d,6e,e3,6d,99,9c,92,28,19,e4,61,22,c7,64,\
"rkeysecu"=hex:83,12,9d,05,a7,65,b0,ec,cd,9b,51,7f,f2,d3,f5,ee
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,09,85,dd,c5,17,
bd,71,67,e2,63,26,f1,3f,c8,ff,68,94,9e,43,83,99,05,63,1c,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7e,ee,45,ab,c5,
a1,a3,38,6a,9c,d6,61,af,45,84,18,7a,de,54,49,81,3a,3f,7c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,f3,49,fe,8a,fe,
c3,43,26,ff,7c,85,e0,43,d4,0e,fe,fd,e1,f1,62,df,9a,02,39,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5f,13,d9,20,7d,
4f,8e,ac,86,8c,21,01,be,91,eb,e7,0d,e0,ae,8b,d0,e4,ea,de,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,2a,69,a9,c3,87,
25,48,77,f5,1d,4d,73,a8,13,5c,05,71,fb,50,ae,0f,bb,69,ee,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,4e,cb,fb,96,78,
8e,68,b8,df,20,58,62,78,6b,cf,c8,41,70,36,0d,ca,a6,7d,10,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,6e,75,d2,de,ba,
82,08,32,fb,a7,78,e6,12,2f,9a,ea,fb,8a,e6,2f,fd,5a,6c,6e,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,54,c9,17,78,db,
1a,79,3e,01,3a,48,fc,e8,04,4a,f1,4e,cf,67,f1,08,bb,04,51,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f1,a4,8d,75,da,
5f,00,3d,f6,0f,4e,58,98,5b,89,c9,88,f0,f5,d8,e9,ff,2e,21,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c0,da,67,8b,5c,
8c,f1,40,3d,ce,ea,26,2d,45,aa,78,61,d8,12,7b,e2,ce,20,21,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,25,a4,83,e5,3a,
37,8e,85,2a,b7,cc,b5,b9,7f,41,e7,10,ef,a3,3a,f7,96,f7,f3,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,dd,c3,e8,13,20,
47,6e,04,6c,43,2d,1e,aa,22,2f,9c,14,5a,02,12,43,d6,21,2d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs loaded in running processes ---------------------
- - - - - - - > 'explorer.exe'(2652)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
End time: 2009-07-07 19:09 - The machine rebooted
ComboFix-quarantined-files.txt 2009-07-07 17:09
Pre-CF: 1 457 831 936 bytes free
Post-CF: 2 351 153 152 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
371 --- E O F --- 2009-07-07 01:07
I don't understand much of this... what should I do?
Thanks
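A triage pass over a ComboFix log like the one above is mostly a matter of reading the same few sections every time: the AV/FW status lines in the header, the Run keys, the Security Center and firewall policy values, the service list, and the "Files created" window. The script below is an added example, not part of this thread and not ComboFix's own code; it parses those sections from a constructed excerpt (lines copied from the posted log, plus one extra Run entry that is marked as constructed and is not in the posted log, included only to exercise the autostart rule) and returns a list of findings. The rules are assumptions about what deserves a second look: a service whose line ends in `[?]` (in my reading of the format, ComboFix prints that when it cannot locate the file at the listed path), a binary created directly in the Windows root rather than in system32, an autostart entry outside `Program Files` or `system32`, and any protection reported as disabled. Note the caveat for this thread: the first two findings (AV on-access scanning and firewall off) are expected here, because the instructions above told the user to switch protections off before running ComboFix; they matter only if they persist after re-enabling.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix code).

Rules are assumptions, not ComboFix logic; every finding is a prompt to look
closer, not a verdict."""
import re

# Constructed excerpt: lines copied from the log posted in the thread.
LOG_EXCERPT = r"""
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
2009-07-07 08:29 . 2009-07-07 08:29 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-05 16:47 . 2002-02-27 16:50 197120 ----a-w- c:\windows\patchw32.dll
2009-06-23 20:33 . 2009-05-18 09:00 208896 ----a-w- c:\windows\system32\WinSys2.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-25 206088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
"""

# Constructed line, NOT in the posted log: exists only to exercise the
# "autostart outside trusted directories" rule.
CONSTRUCTED_RUN_LINE = r'"Updater"="c:\documents and settings\User\Local Settings\Temp\updater.exe" [2009-07-06 45056]'
SAMPLE_LOG = LOG_EXCERPT + CONSTRUCTED_RUN_LINE + "\n"

# Assumed "normal" homes for autostart binaries on an XP box (case-insensitive).
TRUSTED_AUTOSTART_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
WIN_ROOT = "c:\\windows"
PE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")

# "created . modified size attrs path" lines from the Files created / Find3M sections
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d\d:\d\d \. (\d{4}-\d{2}-\d{2}) \d\d:\d\d\s+(\d+|-{8})\s+(\S{8})\s+(.+)$")
# "name"="path" [date size]  (the 'name'="file" - path form is not handled here)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# R0/R2/S3 start type; short name; display name; binary [...]
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")


def triage(log_text: str) -> list[str]:
    """Return one human-readable finding per line that trips a rule."""
    findings: list[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Header: any protection ComboFix saw as disabled (expected if the user
        # switched it off for the run; a problem if it stays that way).
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(f"protection off: {line.split(' {')[0]}")
            continue
        if line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append("security center: AV monitoring disabled (DisableMonitoring=1)")
            continue
        if line.startswith('"EnableFirewall"= 0'):
            findings.append("windows firewall: standard profile disabled (EnableFirewall=0)")
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(5)
            head, _, tail = path.lower().rpartition("\\")
            if head == WIN_ROOT and tail.endswith(PE_EXT):
                findings.append(f"new binary in windows root: {path} (created {m.group(1)})")
            continue
        m = RUN_RE.match(line)
        if m:
            name, path = m.group(1), m.group(2)
            if not path.lower().startswith(TRUSTED_AUTOSTART_PREFIXES):
                findings.append(f"autostart outside trusted dirs: {name} -> {path}")
            continue
        m = SVC_RE.match(line)
        if m and line.endswith("[?]"):
            binary = m.group(4).split(" --> ")[0]
            findings.append(f"service binary not located: {m.group(2)} ({m.group(3)}) -> {binary}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

To use it on a real run, replace `SAMPLE_LOG` with the contents of C:\ComboFix.txt; the parser is context-free, so it does not care which section a line came from, which is also why the `"name"="path" [date size]` rule deliberately ignores the `"nwiz"="nwiz.exe" - path` form and would need a second pattern to cover it.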
2009-06-21 14:07 . 2006-03-17 06:35 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2009-06-21 14:07 . 2006-03-17 06:34 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2009-06-21 14:07 . 2006-03-17 03:20 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2009-06-21 14:07 . 2009-06-21 14:07 -------- d-----w- c:\windows\system32\DLA
2009-06-21 14:07 . 2006-06-13 03:20 94263 ----a-w- c:\windows\DLA.EXE
2009-06-21 14:07 . 2006-06-13 03:20 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2009-06-21 14:06 . 2006-11-02 14:57 118520 ----a-w- c:\windows\system32\PxInsI64.exe
2009-06-21 14:06 . 2006-10-18 17:43 115960 ----a-w- c:\windows\system32\PxCpyI64.exe
2009-06-21 14:05 . 2009-06-21 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-06-21 13:51 . 2009-06-21 13:51 -------- d-----w- c:\documents and settings\Greg\Application Data\Publish Providers
2009-06-21 13:51 . 2009-06-21 13:51 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\Sony
2009-06-21 13:51 . 2009-06-21 13:51 -------- d-----w- c:\documents and settings\Greg\Application Data\Sony
2009-06-21 13:47 . 2009-06-21 14:14 -------- d-----w- c:\program files\Sony
2009-06-21 13:41 . 2009-06-21 13:41 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\WMTools Downloaded Files
2009-06-21 13:18 . 2009-06-21 13:18 -------- d-----w- c:\documents and settings\Greg\Application Data\Xilisoft Corporation
2009-06-21 13:17 . 2009-06-21 13:17 -------- d-----w- c:\program files\Xilisoft
2009-06-21 10:54 . 2009-06-21 10:54 -------- d-----w- c:\program files\Music NFO Builder
2009-06-18 23:22 . 2009-06-18 23:22 -------- d-----w- c:\program files\YouTUBE (TM) movie downloader
2009-06-18 20:38 . 2009-06-18 20:43 -------- d-----w- c:\program files\No-IP
2009-06-17 23:20 . 2009-06-18 18:00 -------- d-----w- C:\Poker
2009-06-14 19:05 . 2009-06-14 19:05 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\Bizarre Creations
2009-06-11 16:33 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 16:33 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 22:17 . 2009-06-17 23:27 -------- d-----w- c:\program files\PartyGaming
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 17:06 . 2009-05-25 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-07 17:03 . 2009-05-25 10:06 917536 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-07 17:03 . 2009-05-25 10:06 6383136 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-07 17:03 . 2009-05-25 10:06 6312 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-07 17:03 . 2009-05-25 10:06 54092 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-07 09:29 . 2008-06-23 20:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 17:24 . 2008-12-02 18:28 -------- d-----w- c:\documents and settings\Greg\Application Data\Atari
2009-07-05 17:24 . 2008-12-16 23:47 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-05 16:32 . 2008-06-24 17:18 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-05 16:06 . 2008-06-26 16:35 -------- d-----w- c:\documents and settings\Greg\Application Data\Azureus
2009-07-02 08:09 . 2008-12-04 00:09 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-23 20:41 . 2009-01-05 20:47 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-23 20:41 . 2009-01-05 20:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-22 15:09 . 2009-03-11 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-06-21 22:53 . 2008-10-05 15:08 -------- d-----w- c:\program files\DivX
2009-06-18 23:26 . 2009-01-10 14:38 -------- d-----w- c:\documents and settings\Greg\Application Data\Apple Computer
2009-06-18 20:59 . 2008-07-08 22:22 -------- d-----w- c:\program files\ma-config.com
2009-06-18 20:59 . 2008-07-08 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-06-17 16:18 . 2008-06-23 22:51 -------- d-----w- c:\program files\RocketDock
2009-06-14 00:52 . 2008-06-23 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 17:46 . 2008-06-23 20:56 76280 ----a-w- c:\documents and settings\Greg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 23:11 . 2009-06-01 23:11 -------- d-----w- c:\program files\iPod
2009-06-01 23:11 . 2009-01-10 14:34 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-01 23:09 . 2009-01-10 14:35 -------- d-----w- c:\program files\QuickTime
2009-06-01 23:05 . 2009-06-01 23:05 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 11:36 . 2009-03-18 17:58 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 11:36 . 2009-01-10 14:35 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-25 10:13 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-25 10:13 . 2009-05-25 10:06 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-25 10:13 . 2009-05-25 10:06 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-25 10:13 . 2009-05-25 10:13 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-25 10:13 . 2009-05-25 10:13 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-05-25 10:13 . 2009-05-25 10:13 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-25 10:06 . 2009-05-25 10:06 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-25 09:59 . 2009-05-25 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-25 09:49 . 2008-07-15 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 09:00 . 2008-10-16 16:46 614400 ----a-w- c:\windows\system32\msvcr80.dll
2009-05-14 17:05 . 2001-08-28 12:00 91540 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-14 17:05 . 2001-08-28 12:00 525078 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-14 17:04 . 2008-06-23 22:52 -------- d-----w- c:\program files\MSBuild
2009-05-14 17:04 . 2009-05-14 17:04 166744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-14 17:01 . 2009-05-14 17:01 -------- d-----w- c:\program files\Reference Assemblies
2009-05-14 16:59 . 2009-05-14 16:58 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-05-13 14:21 . 2008-06-23 22:05 121249 ----a-w- c:\windows\hpoins11.dat
2009-05-12 19:33 . 2008-10-21 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-05-12 13:12 . 2008-06-23 21:15 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-07 15:33 . 2001-08-28 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 20:02 . 2008-06-23 20:53 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 20:02 . 2008-06-23 20:53 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-29 04:45 . 2001-08-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2009-04-16 11:11 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-22 16:51 . 2009-04-22 16:51 307200 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\SeekLyrics.dll
2009-04-22 16:51 . 2009-04-22 16:51 286720 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\LyricsOnDemand.dll
2009-04-22 16:51 . 2009-04-22 16:50 311296 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\LyricsVault.dll
2009-04-22 16:50 . 2009-04-22 16:50 307200 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\LyricsDemon.dll
2009-04-22 16:50 . 2009-04-22 16:50 286720 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\lyrics\AstraLyrics.dll
2009-04-22 16:50 . 2009-04-22 16:50 339968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\allmusic.dll
2009-04-22 16:50 . 2009-04-22 16:50 413696 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\amazon.dll
2009-04-22 16:50 . 2009-04-22 16:50 331776 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\sonybmg.dll
2009-04-22 16:50 . 2009-04-22 16:50 311296 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\musicline.dll
2009-04-22 16:50 . 2009-04-22 16:50 339968 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\connect.dll
2009-04-22 16:50 . 2009-04-22 16:50 311296 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Radiotracker4\general\mp3com.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-19 19:50 . 2001-08-28 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-18 12:57 . 2008-09-21 10:49 15100943 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-04-17 10:46 . 2009-04-17 10:46 171566 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_04_17_12_40_37_small.dmp.zip
2009-04-15 14:53 . 2001-08-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2002-08-29 08:44 165376 A0EE5C06390357FEE7B7949DBCA156D3 c:\windows\system32\appmgmts.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-05-25 206088]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-05-18 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\GRID\\GRID.exe"=
"e:\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"e:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"e:\\Steam\\steamapps\\common\\gti racing\\GTIRacing.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\iTunes\\iTunes.exe"=
"e:\\Tom Clancy's H.A.W.X\\HAWX.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/07/2008 21:45 20616]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [05/07/2009 18:38 28544]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [28/04/2009 02:40 4440064]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [24/06/2008 19:13 110272]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [24/06/2008 00:36 433732]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [07/07/2009 10:25 332928]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [30/07/2008 15:02 120472]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 15:58 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [23/06/2008 23:14 17280]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'
2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bitdefender.com\kb
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: {94391837-E9E6-46AA-BC33-B6E19D4C0135} = 192.168.0.1
TCP: {C0FEA7D6-E801-4DFD-AA41-D14F47BE3710} = 192.168.0.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\mgqo95mq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\mgqo95mq.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: e:\itunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-839522115-1303643608-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:58,dc,97,a5,fd,07,e7,62,ae,1b,ef,e8,46,1c,ea,6f,c4,fd,df,bc,d5,6e,9d,
b2,b0,dc,18,0c,02,d3,05,c9,b7,ab,cd,64,10,b8,23,c0,03,36,0d,5a,5d,2b,11,c5,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
[HKEY_USERS\S-1-5-21-839522115-1303643608-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:9a,14,af,ec,85,6a,be,ba,81,0b,4e,43,89,38,9b,5f,07,2c,01,1b,f7,
db,a0,57,59,17,87,3e,76,8b,e0,5d,4d,6e,e3,6d,99,9c,92,28,19,e4,61,22,c7,64,\
"rkeysecu"=hex:83,12,9d,05,a7,65,b0,ec,cd,9b,51,7f,f2,d3,f5,ee
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,09,85,dd,c5,17,
bd,71,67,e2,63,26,f1,3f,c8,ff,68,94,9e,43,83,99,05,63,1c,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7e,ee,45,ab,c5,
a1,a3,38,6a,9c,d6,61,af,45,84,18,7a,de,54,49,81,3a,3f,7c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,f3,49,fe,8a,fe,
c3,43,26,ff,7c,85,e0,43,d4,0e,fe,fd,e1,f1,62,df,9a,02,39,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5f,13,d9,20,7d,
4f,8e,ac,86,8c,21,01,be,91,eb,e7,0d,e0,ae,8b,d0,e4,ea,de,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,2a,69,a9,c3,87,
25,48,77,f5,1d,4d,73,a8,13,5c,05,71,fb,50,ae,0f,bb,69,ee,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,4e,cb,fb,96,78,
8e,68,b8,df,20,58,62,78,6b,cf,c8,41,70,36,0d,ca,a6,7d,10,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,6e,75,d2,de,ba,
82,08,32,fb,a7,78,e6,12,2f,9a,ea,fb,8a,e6,2f,fd,5a,6c,6e,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,54,c9,17,78,db,
1a,79,3e,01,3a,48,fc,e8,04,4a,f1,4e,cf,67,f1,08,bb,04,51,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f1,a4,8d,75,da,
5f,00,3d,f6,0f,4e,58,98,5b,89,c9,88,f0,f5,d8,e9,ff,2e,21,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c0,da,67,8b,5c,
8c,f1,40,3d,ce,ea,26,2d,45,aa,78,61,d8,12,7b,e2,ce,20,21,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,25,a4,83,e5,3a,
37,8e,85,2a,b7,cc,b5,b9,7f,41,e7,10,ef,a3,3a,f7,96,f7,f3,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,dd,c3,e8,13,20,
47,6e,04,6c,43,2d,1e,aa,22,2f,9c,14,5a,02,12,43,d6,21,2d,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2652)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-07-07 19:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-07 17:09
Avant-CF: 1 457 831 936 octets libres
Après-CF: 2 351 153 152 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
371 --- E O F --- 2009-07-07 01:07
I don't understand much of this... what should I do?
Thanks
Hello,
I'm not really sure anymore, actually. Maybe after reinstalling Test Drive Unlimited, but it isn't a cracked game.
try removing it to see whether that fixes everything
____________
repair Windows as well:
http://www.commentcamarche.net/faq/sujet 3713 fichier corrompu ou manquant
_______________
does it persist?