Trojan

Solved/Closed
povredemoi - 17 August 2009 at 23:10
jlpjlp (security contributor) - 23 August 2009 at 18:58
Hello, I have a problem with a trojan proxy win32 sef. I have tried quite a few things without success; if someone could help me it would really help (Spybot, Ad-Aware, Avast scan, a2 which detected them but can't remove them or put them in quarantine, Malwarebytes, nothing works). Help!!!!

31 replies

jlpjlp (security contributor) - 17 August 2009 at 23:12
Hi, paste the a-squared and Malwarebytes reports
so we can see the infected files.

Then:

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised in the taskbar).

NB: the reports are saved in the folder C:\rsit
Hi, thanks for your help. I removed a2, and if you explain to me how I can send you the Malwarebytes report... I'm really bad with computers; if you're patient I'll get there eventually.
Version - a-squared Free 4.5
Last update: 15/08/2009 23:54:03

Scan settings:

Scan type: Quick Scan
Objects: Memory, Traces, Cookies
Scan archives: On
Heuristic analysis: Off
Scan ADS: On

Scan start: 16/08/2009 02:33:54

[5868] C:\Windows\Temp\kripibsvwa.exe Objects detected: Trojan-Proxy.Win32.Sefbov!IK
[4896] C:\Windows\Temp\kripibsvwa.exe Objects detected: Trojan-Proxy.Win32.Sefbov!IK

Scanned

Files: 2197
Traces: 535725
Cookies: 41
Processes: 49

Objects found

Files: 0
Traces: 0
Cookies: 0
Processes: 2
Registry keys: 0

Scan end: 16/08/2009 02:36:36
Scan time: 0:02:42

[5868] C:\Windows\Temp\kripibsvwa.exe Quarantined Trojan-Proxy.Win32.Sefbov!IK
[4896] C:\Windows\Temp\kripibsvwa.exe Quarantined Trojan-Proxy.Win32.Sefbov!IK

Quarantined

Files: 0
Traces: 0
Cookies: 0
info.txt logfile of random's system information tool 1.06 2009-08-16 23:29:22

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Glary Utilities 2.13.0.686-->"C:\Program Files\Glary Utilities\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
Paint.NET v3.08-->MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC Health Optimizer Free Edition-->"C:\Program Files\PC Health Optimizer Free Edition\unins000.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

=====HijackThis Backups=====

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-16]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by bob at 2009-08-16 23:29:05
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 51 GB (71%) free of 71 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:21, on 16/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bob\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service a2freeAcerMemUsageCheckService (a2freeAcerMemUsageCheckService) - Unknown owner - C:\Windows\TEMP\kripibsvwa.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
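The log.txt above shows the infected service side by side with the program it imitates: a2freeAcerMemUsageCheckService runs from C:\Windows\TEMP\kripibsvwa.exe with "Unknown owner", while the genuine AcerMemUsageCheckService runs from the Acer ePerformance folder. The script below is an added example, not part of the thread and not code from HijackThis or RSIT: it parses O23 service lines and flags binaries living in a temp directory, orphaned entries marked "(file missing)", and a service whose name ends with the full name of another registered service. The sample lines are copied from the log above; the three rules are the editor's own heuristics, not HijackThis output.

```python
"""Triage of HijackThis 'O23 - Service:' lines.

Added example, not part of the forum thread and not code from HijackThis
or RSIT. The sample lines are copied from the log.txt posted above; the
three rules (binary under a temp directory, binary missing, service name
that wraps the name of another registered service) are the editor's own
heuristics, not HijackThis output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the O23 lines from the log.txt above.
SAMPLE_LOG = """\
O23 - Service: a-squared Free Service a2freeAcerMemUsageCheckService (a2freeAcerMemUsageCheckService) - Unknown owner - C:\\Windows\\TEMP\\kripibsvwa.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\\Program Files\\Common Files\\Symantec Shared\\ccSvcHst.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe
"""

# display name, optional "(short name)", owner, path, optional "(file missing)"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
MIN_MIMIC_LEN = 8  # ignore generic suffixes such as "Service"


@dataclass
class Service:
    display: str
    short: str
    owner: str
    path: str
    missing: bool


def parse_o23(log_text: str) -> list[Service]:
    """Parse every O23 line; lines that do not match are ignored."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        services.append(Service(
            display=m["display"],
            short=m["short"] or m["display"],
            owner=m["owner"],
            path=m["path"],
            missing=m["missing"] is not None,
        ))
    return services


def triage(log_text: str) -> dict[str, list[str]]:
    """Return {service short name: [reasons]} for services worth a look."""
    services = parse_o23(log_text)
    findings: dict[str, list[str]] = {}

    def flag(svc: Service, reason: str) -> None:
        findings.setdefault(svc.short, []).append(reason)

    for svc in services:
        low_path = svc.path.lower()
        if any(marker in low_path for marker in TEMP_MARKERS):
            flag(svc, f"binary in a temp directory: {svc.path}")
        if svc.missing:
            flag(svc, f"binary missing (orphaned service entry): {svc.path}")
        # Name-squatting: this service's name ends with another service's
        # full name, e.g. a2freeAcerMemUsageCheckService wraps
        # AcerMemUsageCheckService.
        for other in services:
            if other is svc or len(other.short) < MIN_MIMIC_LEN:
                continue
            if (svc.short.lower() != other.short.lower()
                    and svc.short.lower().endswith(other.short.lower())):
                flag(svc, f"name mimics existing service {other.short} "
                          f"(owner: {svc.owner})")
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the only two entries reported are a2freeAcerMemUsageCheckService (temp-directory binary plus name mimicry) and CLTNetCnService (missing binary, a leftover rather than an infection). The name-squatting rule is deliberately a suffix match: padding a legitimate service name with a prefix is what the log shows, and an exact-match list of "known good" names would not catch it.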
jlpjlp (security contributor) - 21 August 2009 at 17:34
Yes, run ToolsCleaner, which will remove what was used and is no longer useful to you!
jlpjlp (security contributor) - 18 August 2009 at 13:07
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).

Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and the guard of your antispyware.

Copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 09-08-10.06 - bob 17/08/2009 13:58.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1361 [GMT 1:00]
Running from: c:\users\bob\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\Installer\2943f6.msi
c:\windows\Installer\29441b.msi
c:\windows\Installer\30447d.msi
c:\windows\system32\kungsffybritxy.dat
c:\windows\TEMP\kripibsvwa.exe



.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kungsfxslbmqwm
-------\Legacy_ovfsthbtpvrrctlhcnjifitsmeiwctxncetxxb
-------\Service_kungsfxslbmqwm
-------\Service_ovfsthbtpvrrctlhcnjifitsmeiwctxncetxxb
-------\Service_a2freeAcerMemUsageCheckService


((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 11:31 . 2009-08-17 12:36 117760 ----a-w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-16 22:32 -------- d-----w- C:\rsit
2009-08-15 00:35 . 2009-08-15 00:35 91 ----a-w- c:\windows\system32\kbiwkmsetqkfes.dat
2009-08-15 00:25 . 2009-08-15 00:25 19968 ----a-w- c:\windows\system32\kbiwkmbydknnmm.dll
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-15 00:24 . 2009-08-15 00:40 1528 ----a-w- c:\windows\system32\kbiwkmbocinvxa.dat
2009-08-15 00:24 . 2009-08-15 00:24 42496 ----a-w- c:\windows\system32\kbiwkmfnevqbvm.dll
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-13 09:42 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:23 . 2009-08-10 09:23 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 18:12 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 15:08 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Lavasoft
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 11:16 . 2009-06-02 10:38 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-21 09:00 . 2009-06-17 16:16 -------- d-----w- c:\program files\Paint.NET
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:43 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-06-02 10:38 . 2009-03-13 15:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-20 22:52 . 2009-08-12 15:24 108032 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstcoreelements.dll
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/04/2009 13:02 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 14:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:0038580b
"CheckPort25DateTime"=dword:00384ff4
"CheckPort25Result"=dword:00000001
"CheckNATDateTime"=dword:004dad31
"CheckNATResult"=dword:00000003
"RA"=dword:1e686b59
"RP"=dword:0000f00a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-17 14:05
ComboFix-quarantined-files.txt 2009-08-17 13:05

Pre-Run: 51 338 739 712 octets libres
Post-Run: 51 140 894 720 octets libres

234 --- E O F --- 2009-08-17 10:44
0
Hello, there you go, it's done. Thanks jlpjlp
0
File kbiwkmbydknnmm.dll_ received on 2009.08.18 12:46:55 (UTC)
Current status: finished


Result: 1/41 (2.44%)


Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.1 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2011 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 Trojan:Win32/Alureon.gen!U
NOD32 4344 2009.08.18 -
Norman 6.01.09 2009.08.17 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.13.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 -
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 19968 bytes
MD5...: 2fcc7e7f612937f775cef0318ced7ae7
SHA1..: e568511387afabff264876065ae5ee289c4e8bea
SHA256: 1f78c6ab9a79d5dc5079e60861842afe7df7b7b6a1f02165ce7b9748dfbf24f3
ssdeep: 384:x8CJXPeX5wwQeBmEzAHa6HECBnr+HzE9ZW2kCvLSrl:x8CJX2pRQgcffv9ZW+LSr

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1481
timedatestamp.....: 0x4a85adf2 (Fri Aug 14 18:33:22 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x181c 0x1a00 6.52 a2f48af149da681a9aa4ba1f9de7a2e4
.rdata 0x3000 0xffb 0x1000 7.08 fee94a68f82f4110a917fffca8d1f0be
.data 0x4000 0xac1 0xc00 6.77 bb599d73bf43e06beade97bad2cb311c
.rsrc 0x5000 0x116f 0x1200 6.47 c2bae2506023fd6393b7d66785c9e741
.reloc 0x7000 0x34 0x200 0.80 5faf858ca19d1fdb7ddabd41abe43418

( 4 imports )
> kernel32.dll: GetTempPathA, OpenFile, CreateFileW, CallNamedPipeA, GetFileSize, OpenEventW, WriteFileEx, VirtualAllocEx, PostQueuedCompletionStatus, GetVersion, GetSystemDefaultLangID, ResetEvent, VirtualFree, GetProfileSectionA, GetCurrencyFormatW, GetProcAddress, GetEnvironmentVariableA, GetFileInformationByHandle, GetCurrentProcess, CreateDirectoryA, InterlockedExchangeAdd, EndUpdateResourceA, GetComputerNameA, GetLastError, FindResourceA, VirtualAlloc, DosPathToSessionPathA, EraseTape, FreeLibrary, CreateMutexA, TlsSetValue, GetProcessWorkingSetSize
> msvcrt.dll: rand, _filelengthi64, _initterm, _putenv, _CIsqrt, _futime, _fullpath, _strerror, memcpy
> winmm.dll: waveOutGetErrorTextA, mmioSeek, midiOutMessage, mciGetCreatorTask, waveInGetDevCapsW, DriverCallback, waveInGetDevCapsA, mmioSetBuffer, midiOutSetVolume, WOWAppExit
> opengl32.dll: glClipPlane, glColor4f, glGetLightiv, glVertex3sv, glTexSubImage1D, glTexCoord1iv, glVertex3fv, glDebugEntry, glIndexubv, glTexCoordPointer, glClear

( 3 exports )
OxGzqhpXcx, VriQjzhSjmeehEsxumvDp, GzxzSfhfsknRigqyxOb

PDFiD.: -
RDS...: NSRL Reference Data Set
-


WARNING: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee of the availability or continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by a single product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers 100% effectiveness in detecting viruses and malware.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy
0
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
18 août 2009 à 14:25
Analyse 3 of these files on VirusTotal and paste the reports https://www.virustotal.com/gui/

c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
0
File kbiwkmsetqkfes.dat_ received on 2009.08.18 12:42:29 (UTC)
Current status: finished


Result: 0/41 (0%)


Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.1 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2011 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 -
NOD32 4344 2009.08.18 -
Norman 6.01.09 2009.08.17 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.13.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 -
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 91 bytes
MD5...: 2b20b570f4b669d69e9bfe9c5c9b755b
SHA1..: 232b5bf3012ee85cf57f1e48b122a7424a08ca6b
SHA256: 0f1aebc9751a9eba643424240b45adedecbc5a9ce75540a103e63ea986fa36fb
ssdeep: 3:am7CQaAjh9B6EGbmgm/edACeB3tl2HnlBXqVwd:aDQhjV6EGseCdB/GlBJd

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-


0

File kbiwkmbocinvxa.dat_ received on 2009.08.18 12:42:57 (UTC)
Current status: finished

Result: 1/41 (2.44%)
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.18 -
AhnLab-V3 5.0.0.2 2009.08.18 -
AntiVir 7.9.1.1 2009.08.18 -
Antiy-AVL 2.0.3.7 2009.08.18 -
Authentium 5.1.2.4 2009.08.18 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.18 -
BitDefender 7.2 2009.08.18 -
CAT-QuickHeal 10.00 2009.08.18 -
ClamAV 0.94.1 2009.08.18 -
Comodo 2005 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6685 2009.08.18 -
F-Prot 4.4.4.56 2009.08.18 -
F-Secure 8.0.14470.0 2009.08.18 -
Fortinet 3.120.0.0 2009.08.18 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.18 -
Jiangmin 11.0.800 2009.08.18 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.18 -
Microsoft 1.4903 2009.08.18 -
NOD32 4344 2009.08.18 -
Norman 2009.08.17 -
nProtect 2009.1.8.0 2009.08.18 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.18 -
Prevx 3.0 2009.08.18 -
Rising 21.43.13.00 2009.08.18 -
Sophos 4.44.0 2009.08.18 Mal/TDSSConf-A
Sunbelt 3.2.1858.2 2009.08.18 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.18 -
VBA32 3.12.10.9 2009.08.18 -
ViRobot 2009.8.18.1889 2009.08.18 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 1528 bytes
MD5 : de06e1ca8629d0178c0a311e946210c8
SHA1 : 2595976464eb98c0b1c373cb99dd48e3413d8754
SHA256: 01a7ac183465f4b345fc0087e9712440f19bb73139142fec3bbf27971cf81fdd
TrID : File type identification
Unknown!
ssdeep: 24:efxxt1hDh//14F0Co2SJI9moAoaPFBLGWbqyFqRRAkXt+wJaHXyUnQZzGll9WA:mxZh/4F0C999moCdtGxRR3BJa3rQZ2WA
PEiD : -
RDS : NSRL Reference Data Set
-


0
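The three reports above show the usual problem with a freshly dropped sample: one engine out of 41 fires on two of the files (Microsoft on the .dll, Sophos on one .dat) and none on the third. As an added example, not code from this thread or from VirusTotal, here is a parser for the 2009-era text layout pasted above (a "File ... received" header, then one engine per line: name, version, signature date, verdict). It pulls out which engines fired on which file and the detection ratio per file. The sample text is a constructed subset of the rows pasted in this thread, and the code assumes engine names contain no spaces, which holds for every row here.

```python
"""Summarise pasted VirusTotal text reports (added example, not from the thread)."""
import re

# Header line as pasted in this thread, in either the French original or the
# English rendering; the trailing "(UTC)" is dropped.
HEADER_RE = re.compile(r"^(?:Fichier|File) (\S+) (?:reçu le|received on) (\S+ \S+)")
DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")

# Constructed sample: a subset of the rows from the three reports above.
SAMPLE_REPORTS = """\
File kbiwkmbydknnmm.dll_ received on 2009.08.18 12:46:55 (UTC)
Antivirus Version Last update Result
Avast 4.8.1335.0 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.18 -
Microsoft 1.4903 2009.08.18 Trojan:Win32/Alureon.gen!U
Sophos 4.44.0 2009.08.18 -
Additional information
File size: 19968 bytes
File kbiwkmsetqkfes.dat_ received on 2009.08.18 12:42:29 (UTC)
Antivirus Version Last update Result
Avast 4.8.1335.0 2009.08.17 -
Microsoft 1.4903 2009.08.18 -
Norman 2009.08.17 -
Sophos 4.44.0 2009.08.18 -
Additional information
File kbiwkmbocinvxa.dat_ received on 2009.08.18 12:42:57 (UTC)
Antivirus Version Last update Result
Avast 4.8.1335.0 2009.08.17 -
Microsoft 1.4903 2009.08.18 -
Norman 2009.08.17 -
Sophos 4.44.0 2009.08.18 Mal/TDSSConf-A
Additional information
"""


def _parse_row(line):
    """One engine row. The signature date anchors the split: everything
    before it (after the engine name) is the version, which may be missing
    (see the Norman row), everything after it is the verdict."""
    tokens = line.split()
    for i in range(len(tokens) - 1, 0, -1):
        if DATE_RE.match(tokens[i]):
            verdict = " ".join(tokens[i + 1:])
            return {
                "engine": tokens[0],
                "version": " ".join(tokens[1:i]) or None,
                "updated": tokens[i],
                "verdict": None if verdict in ("", "-") else verdict,
            }
    return None


def parse_vt_reports(text):
    """Return one dict per report: file name, receipt time and engine rows."""
    reports, current, in_table = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"file": m.group(1).rstrip("_"), "received": m.group(2), "rows": []}
            reports.append(current)
            in_table = False
            continue
        if current is None:
            continue
        if line.startswith("Antivirus"):          # table header
            in_table = True
            continue
        if line.startswith(("Additional information", "Information additionnelle")):
            in_table = False
            continue
        if in_table:
            row = _parse_row(line)
            if row:
                current["rows"].append(row)
    return reports


def detection_ratio(report):
    """(engines that fired, engines listed) for one report."""
    hits = [r for r in report["rows"] if r["verdict"]]
    return len(hits), len(report["rows"])


def summarise(reports):
    """{file: [(engine, verdict), ...]} for the files with at least one hit."""
    out = {}
    for rep in reports:
        hits = [(r["engine"], r["verdict"]) for r in rep["rows"] if r["verdict"]]
        if hits:
            out[rep["file"]] = hits
    return out


if __name__ == "__main__":
    reps = parse_vt_reports(SAMPLE_REPORTS)
    for rep in reps:
        hit, total = detection_ratio(rep)
        print(f"{rep['file']}: {hit}/{total}")
    print(summarise(reps))
```

The verdict column is the only thing an analyst cares about at this stage; a 1/41 ratio on a file dropped into system32 two days earlier is a reason to treat the whole name cluster as one infection, not a reason to dismiss the file.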
jlpjlp Messages postés 51574 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 042
18 août 2009 à 16:39
To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Collect::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
Driver::
kbiwkmqlsuxwcm
File::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll




Save this file under the name CFScript


Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, hold the button down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is located here > C:\ComboFix.txt
0
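The script the helper asks for targets a pattern that is visible in the ComboFix log further down this thread: five files sharing a random-looking "kbiwkm" prefix, written into system32 and system32\drivers within about ten minutes of each other. As an added example, not code from this thread, from ComboFix or from the helper, here is a small Python triage script that finds such clusters in the "Files Created" section of a ComboFix log and lays the flagged paths out in the CFScript sections used above (Collect:: / Driver:: / File::). The prefix length, minimum cluster size and time window are illustration thresholds, not ComboFix settings, and the script assumes, as the helper's script does, that a driver's service name equals its .sys file name without the extension. The sample lines are a constructed mix of the suspicious entries from this thread's log and a few legitimate ones for contrast.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log.

Added example, not from this thread or from ComboFix. It groups files under
system32 by a shared name prefix and flags groups that were all created in
one short window, then prints them in CFScript layout for an analyst to review.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# created . modified size attrs path   (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+?)\s*$"
)
SYSTEM32 = "c:\\windows\\system32\\"
DRIVERS = SYSTEM32 + "drivers\\"

# Constructed sample: the five suspicious entries from the ComboFix log in
# this thread plus three legitimate entries (Windows update files, a folder).
SAMPLE_LOG = r"""
2009-08-15 00:35 . 2009-08-15 00:35 91 ----a-w- c:\windows\system32\kbiwkmsetqkfes.dat
2009-08-15 00:25 . 2009-08-17 18:25 19968 ----a-w- c:\windows\system32\kbiwkmbydknnmm.dll
2009-08-15 00:24 . 2009-08-17 18:25 42496 ----a-w- c:\windows\system32\kbiwkmfnevqbvm.dll
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-15 00:24 . 2009-08-15 00:40 1528 ----a-w- c:\windows\system32\kbiwkmbocinvxa.dat
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-16 22:29 . 2009-08-16 22:32 -------- d-----w- C:\rsit
"""


def parse_files_created(text):
    """Return one dict per parsable line; directories keep size=None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def _stem(path):
    """File name without directory or extension, lower-cased."""
    name = path.lower().rsplit("\\", 1)[-1]
    return name.split(".", 1)[0]


def find_random_name_clusters(entries, prefix_len=6, min_files=3, window_minutes=15):
    """Group system32 files by the first prefix_len letters of their name and
    keep groups of at least min_files all created inside window_minutes.
    Thresholds are illustration values. Returns {prefix: [entries by time]}."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is None:                      # directory
            continue
        if not e["path"].lower().startswith(SYSTEM32):
            continue
        stem = _stem(e["path"])
        if len(stem) < prefix_len or not stem[:prefix_len].isalpha():
            continue
        groups[stem[:prefix_len]].append(e)

    clusters = {}
    for prefix, members in groups.items():
        if len(members) < min_files:
            continue
        members.sort(key=lambda e: e["created"])
        span = members[-1]["created"] - members[0]["created"]
        if span <= timedelta(minutes=window_minutes):
            clusters[prefix] = members
    return clusters


def build_cfscript(entries):
    """Lay the flagged paths out as CFScript sections. Assumption, matching the
    helper's script: a driver's service name is its .sys name without extension."""
    paths = [e["path"] for e in entries]
    drivers = [_stem(p) for p in paths
               if p.lower().startswith(DRIVERS) and p.lower().endswith(".sys")]
    lines = ["Collect::", *paths]
    if drivers:
        lines += ["Driver::", *drivers]
    lines += ["File::", *paths]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_random_name_clusters(parse_files_created(SAMPLE_LOG))
    for prefix, members in found.items():
        span = members[-1]["created"] - members[0]["created"]
        print(f"cluster '{prefix}*': {len(members)} files created within {span}")
        print(build_cfscript(members))
```

The output is a starting point for review, not something to feed to ComboFix blindly: the prefix grouping will occasionally pull in legitimate files that happen to share six letters, so each flagged path should be checked (VirusTotal, signer, known-good hash) before it goes into a Collect:: or File:: section.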
Do I also have to disable the security software?
0
ComboFix 09-08-10.06 - bob 17/08/2009 19:28.5.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1295 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\Desktop\cfscript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 18:32 . 2009-08-17 18:32 -------- d-----w- c:\users\bob\AppData\Local\temp
2009-08-17 18:32 . 2009-08-17 18:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-17 18:32 . 2009-08-17 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-17 11:31 . 2009-08-17 18:13 117760 ----a-w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-16 22:32 -------- d-----w- C:\rsit
2009-08-15 00:35 . 2009-08-15 00:35 91 ----a-w- c:\windows\system32\kbiwkmsetqkfes.dat
2009-08-15 00:25 . 2009-08-17 18:25 19968 ----a-w- c:\windows\system32\kbiwkmbydknnmm.dll
2009-08-15 00:24 . 2009-08-17 18:25 42496 ----a-w- c:\windows\system32\kbiwkmfnevqbvm.dll
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-15 00:24 . 2009-08-15 00:40 1528 ----a-w- c:\windows\system32\kbiwkmbocinvxa.dat
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-13 09:42 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:23 . 2009-08-10 09:23 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 14:27 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 15:08 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Lavasoft
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 11:16 . 2009-06-02 10:38 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-21 09:00 . 2009-06-17 16:16 -------- d-----w- c:\program files\Paint.NET
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:43 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-06-02 10:38 . 2009-03-13 15:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-20 22:52 . 2009-08-12 15:24 108032 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstcoreelements.dll
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/04/2009 13:02 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-06-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 19:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:0038580b
"CheckPort25DateTime"=dword:00384ff4
"CheckPort25Result"=dword:00000001
"CheckNATDateTime"=dword:004dad31
"CheckNATResult"=dword:00000003
"RA"=dword:1e686b59
"RP"=dword:0000f00a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-17 19:35
ComboFix-quarantined-files.txt 2009-08-17 18:35
ComboFix2.txt 2009-08-17 13:05

Pre-Run: 50 488 295 424 octets libres
Post-Run: 50 287 394 816 octets libres

219 --- E O F --- 2009-08-17 10:44
0
jlpjlp Posts: 51574 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 042
18 August 2009 at 20:08
You did the drag-and-drop of the CFScript onto ComboFix wrongly (watch the capital letters).

Start again.
0
Hi, I did it as written, but when I drop it onto ComboFix it starts a scan and doesn't offer a choice (1, 2). I paid attention to the capitals, and I disabled everything. (I pasted all the lines you sent in the email at the same time.)
0
jlpjlp Posts: 51574 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 042
18 August 2009 at 22:07
1/

---> Open Notepad.

---> Copy the text below by selecting it, then Ctrl+C:


Collect::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
Driver::
kbiwkmqlsuxwcm
File::
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll


--> Paste the selection into Notepad.

--> Save this file to the Desktop (this is essential).

--> File name: CFScript
--> File type: all files
--> Click Save.
--> Close Notepad.


2/

--> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:


--> A blue window will appear: accept the message that appears.

--> Wait for the scan to finish. The Desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.

--> Once the scan is finished, a report will be displayed: post it.

--> If the file doesn't open, it is located here: C:\Combofix.txt
0
jlpjlp Posts: 51574 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 042
19 August 2009 at 11:20
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
(by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".


:processes
explorer.exe
:services
kbiwkmqlsuxwcm
:files
c:\windows\system32\kbiwkmsetqkfes.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmfnevqbvm.dll
:commands
[purity]
[emptytemp]
[start explorer]


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
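Both the CFScript and the OTM script in the posts above are meant to be copied from a forum page into Notepad, and a web page can wrap a long file name by inserting an invisible soft hyphen (U+00AD) that then travels into the path; a path that no longer matches the real file is what the "not found" lines in an OTM or ComboFix log look like even though the scan logs list the file. As an added example (not code from this thread, nor from the ComboFix or OTM authors), here is a small Python pre-flight check that reports such characters, strips them, and verifies that OTM section headers keep their leading ':'. The OTM section names it knows are the four used in the post above, which is an assumption, and the sample script is constructed, with the soft hyphen inserted deliberately.

```python
"""Pre-flight check for a hand-pasted CFScript or OTM removal script.

Forum software often inserts invisible characters (soft hyphens, zero-width
spaces, non-breaking spaces) into long file names so that they can wrap.
Copied verbatim into a removal script, such a character stops the path from
matching the real file and the tool answers "not found" for a file that
exists. This module flags those characters, strips them, and checks that OTM
section headers still carry their leading ':'.
"""
import unicodedata

# Invisible code points that survive copy/paste but never belong in a Windows path.
INVISIBLE = {
    "\u00ad": "SOFT HYPHEN",
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}
# Whitespace look-alikes that should be turned back into a plain ASCII space.
SPACE_LIKE = {"\u00a0", "\u2007", "\u202f"}
# OTM section names as used in the post above (assumed to be all we need here).
OTM_SECTIONS = {"processes", "services", "files", "commands"}


def find_hidden_chars(text):
    """Return (line_no, column, description) for every suspicious character.

    Soft hyphens and zero-width characters are reported by name; any other
    non-ASCII character is reported as informational only, since accented
    path components can be legitimate on a French Windows install.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in INVISIBLE:
                findings.append((line_no, col, INVISIBLE[ch]))
            elif ch in SPACE_LIKE:
                findings.append((line_no, col, unicodedata.name(ch)))
            elif ord(ch) > 0x7F:
                findings.append((line_no, col, "NON-ASCII " + unicodedata.name(ch, "?")))
    return findings


def clean_script(text):
    """Drop invisible characters and normalise space look-alikes to ' '."""
    out = []
    for ch in text:
        if ch in INVISIBLE:
            continue
        out.append(" " if ch in SPACE_LIKE else ch)
    return "".join(out)


def check_otm_sections(text):
    """Flag lines that look like an OTM section header that lost its ':'.

    A lost colon is what produces "Unable to interpret <processes > in the
    current context!" in an OTM log.
    """
    problems = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.strip().lower() in OTM_SECTIONS:
            problems.append((line_no, line.strip()))
    return problems


# Constructed sample: the OTM script from the post, with a soft hyphen (U+00AD)
# inside the driver name, exactly as a forum page can insert it.
SAMPLE_OTM = (
    ":processes\n"
    "explorer.exe\n"
    ":services\n"
    "kbiwkmqlsux\u00adwcm\n"
    ":files\n"
    "c:\\windows\\system32\\drivers\\kbiwkmqlsux\u00adwcm.sys\n"
    ":commands\n"
    "[purity]\n"
    "[emptytemp]\n"
    "[start explorer]\n"
)

if __name__ == "__main__":
    for line_no, col, what in find_hidden_chars(SAMPLE_OTM):
        print(f"line {line_no} col {col}: {what}")
    for line_no, header in check_otm_sections(SAMPLE_OTM):
        print(f"line {line_no}: section header '{header}' is missing its ':'")
    print(clean_script(SAMPLE_OTM))
```

Run it on the text you are about to paste into Notepad; if `find_hidden_chars` reports anything, use the output of `clean_script` instead, and save the file as plain text. The check deliberately stays read-only with respect to the system: it only inspects the script, never the files it names.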
All processes killed
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Service\Driver kbiwkmqlsux­wcm not found.

========== FILES ==========
c:\windows\system32\kbiwkmsetqkfes.dat moved successfully.
LoadLibrary failed for c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\kbiwkmbydknnmm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmbydknnmm.dll scheduled to be moved on reboot.
File/Folder c:\windows\system32\drivers\kbiwkmqlsux­wcm.sys not found.
File move failed. c:\windows\system32\kbiwkmbocinvxa.dat scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\kbiwkmfnevqbvm.dll
c:\windows\system32\kbiwkmfnevqbvm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmfnevqbvm.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bob
->Temp folder emptied: 31832 bytes
File delete failed. C:\Users\bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(14)\Content.IE5\EIJRT42X\4;var2=1;var3=58000;var4=;var21=5;var22=1;var23=0;var24=1;var25=0;var26=58194;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=6709349925191124[1] scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1713576 bytes
->FireFox cache emptied: 4972475 bytes

User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,41 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08182009_114937

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\kbiwkmbydknnmm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmbydknnmm.dll scheduled to be moved on reboot.
File move failed. c:\windows\system32\kbiwkmbocinvxa.dat scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\system32\kbiwkmfnevqbvm.dll
c:\windows\system32\kbiwkmfnevqbvm.dll NOT unregistered.
File move failed. c:\windows\system32\kbiwkmfnevqbvm.dll scheduled to be moved on reboot.
File C:\Users\bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(14)\Content.IE5\EIJRT42X\4;var2=1;var3=58000;var4=;var21=5;var22=1;var23=0;var24=1;var25=0;var26=58194;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=6709349925191124[1] not found!
File move failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
jlpjlp Posts: 51574 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 042
19 August 2009 at 13:24
Try the ComboFix procedure again.
0
ComboFix 09-08-18.03 - bob 18/08/2009 14:21.11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1351 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\kbiwkmqlsux­wcm.sys"
"c:\windows\system32\kbiwkmbocinvxa.dat"
"c:\windows\system32\kbiwkmbydknnmm.dll"
"c:\windows\system32\kbiwkmfnevqbvm.dll"
"c:\windows\system32\kbiwkmsetqkfes.dat"

file zipped: c:\windows\system32\kbiwkmbocinvxa.dat
file zipped: c:\windows\system32\kbiwkmbydknnmm.dll
file zipped: c:\windows\system32\kbiwkmfnevqbvm.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbiwkmbocinvxa.dat
c:\windows\system32\kbiwkmbydknnmm.dll
c:\windows\system32\kbiwkmfnevqbvm.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 12:51 . 2009-08-18 12:54 -------- d-----w- c:\users\bob\AppData\Roaming\Lavasoft
2009-08-18 10:41 . 2009-08-18 10:41 -------- d-----w- C:\_OTM
2009-08-17 23:11 . 2009-08-17 23:11 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-17 23:11 . 2009-08-17 23:11 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-17 11:31 . 2009-08-17 22:00 117760 ----a-w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-18 10:08 -------- d-----w- C:\rsit
2009-08-15 00:24 . 2009-08-15 01:26 68608 ------w- c:\windows\system32\drivers\kbiwkmqlsuxwcm.sys
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-13 09:42 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:23 . 2009-08-10 09:23 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 13:11 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Lavasoft
2009-08-18 13:11 . 2009-01-24 12:07 -------- d-----w- c:\program files\Lavasoft
2009-08-17 14:27 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-21 09:00 . 2009-06-17 16:16 -------- d-----w- c:\program files\Paint.NET
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:43 . 2007-07-10 12:09 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-05-20 22:52 . 2009-08-12 15:24 108032 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstcoreelements.dll
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 14:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\bob\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP00000059058E27B75F1C8636 524288 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\S45\Par]
@DACL=(02 0000)
"ID"=dword:0038580b
"CheckPort25DateTime"=dword:00384ff4
"CheckPort25Result"=dword:00000001
"CheckNATDateTime"=dword:004dad31
"CheckNATResult"=dword:00000003
"RA"=dword:1e686b59
"RP"=dword:0000f00a

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-18 14:28
ComboFix-quarantined-files.txt 2009-08-18 13:28
ComboFix2.txt 2009-08-18 10:18
ComboFix3.txt 2009-08-17 23:06
ComboFix4.txt 2009-08-17 18:35
ComboFix5.txt 2009-08-18 10:23

Pre-Run: 49 812 688 896 octets libres
Post-Run: 49 612 939 264 octets libres

223 --- E O F --- 2009-08-17 10:44
Upload was successful
Thanks for giving me a bit of time, that's kind.
0
Anonymous user
19 August 2009 at 14:30
Hi jlpjlp, do you want to try having him run my tool?
0
Kill'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 10:01:47,72

Fichiers analysés :
=================


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Windows\iun6002.exe"
C:\Windows\system32\Drivers\kbiwkmqlsuxwcm.sys
C:\Windows\system32\kbiwkmbocinvxa.dat
C:\Windows\system32\kbiwkmsetqkfes.dat
C:\Windows\system32\kbiwkmbydknnmm.dll
C:\Windows\system32\kbiwkmfnevqbvm.dll
C:\Windows\system32\kungsffybritxy.dat
C:\Windows\Temp\_avast4_\unp12133185.tmp
C:\Windows\Temp\_avast4_\unp124767560.tmp
C:\Windows\Temp\_avast4_\unp24849588.tmp


¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

Quarantaine :

iun6002.exe.Kill'em
kbiwkmbocinvxa.dat.Kill'em
kbiwkmbydknnmm.dll.Kill'em
kbiwkmfnevqbvm.dll.Kill'em
kbiwkmqlsuxwcm.sys.Kill'em
kbiwkmsetqkfes.dat.Kill'em
kungsffybritxy.dat.Kill'em
unp12133185.tmp.Kill'em
unp124767560.tmp.Kill'em
unp24849588.tmp.Kill'em

¤¤¤¤¤¤¤¤¤¤ Verification :


List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 10:02:28,65

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgGlUAD_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
jlpjlp Posts: 51574 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 042
19 August 2009 at 20:13
Yes of course, you can have him run it, because I'm not at home and so I don't have it to hand.
0
Anonymous user
19 August 2009 at 20:42
OK povredemoi:

▶ Download List&Kill'em and save it to your desktop

Restart in safe mode

It does not need to be installed

▶ double-click it (right-click, "run as administrator" on Vista) to launch the scan

choose the language, then choose option 1 = Search Mode

▶ let the tool work

the report will be displayed once the scan is finished

▶ paste its contents in your next reply
0
Good evening gen hackman, and thanks for giving me a hand. As you have probably read, I'm not good with computers; how do I start in safe mode? Thanks.
0
So I did as you said; it did run the scan, but it didn't give me any report. At the end of the scan, nothing more.
0
List'em by g3n-h@ckm@n 1.0.2.6

updated on 19.08.2009 ::::: 13.00


Microsoft Windows [version 6.0.6001]


18/08/2009 23:52:01,61

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Windows\iun6002.exe"
C:\Windows\system32\Drivers\kbiwkmqlsuxwcm.sys

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
0
povredemoi Posts: 2 Registered: Tuesday 18 August 2009 Status: Member Last active: 21 August 2009
21 August 2009 at 19:16
Thank you very much for helping me and for being patient.
0
Anonymous user
20 August 2009 at 00:58
Yes, I've just fixed a bug in it

delete it, download it again and run option 1 again please
0
I found the report again; I've pasted it. Otherwise, to download it again I would need the link.
0
List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 1:38:40,81

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Windows\iun6002.exe"
C:\Windows\system32\Drivers\kbiwkmqlsuxwcm.sys
C:\Windows\system32\kbiwkmbocinvxa.dat
C:\Windows\system32\kbiwkmsetqkfes.dat
C:\Windows\system32\kbiwkmbydknnmm.dll
C:\Windows\system32\kbiwkmfnevqbvm.dll
C:\Windows\system32\kungsffybritxy.dat
C:\Windows\Temp\_avast4_\unp12133185.tmp
C:\Windows\Temp\_avast4_\unp124767560.tmp
C:\Windows\Temp\_avast4_\unp24849588.tmp

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
20 August 2009 at 01:52
Close all your windows (including the internet and Windows Live Messenger), then:

▶ Relaunch List&Kill'em as you did for option 1 (i.e. with a right-click on Vista),

but this time:

▶ choose option 2 = Destruction Mode

let the tool work

after the checks, a report will open.

▶ close it.

a second report will open,

▶ paste its contents in your reply
0
List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows [version 6.0.6001]


19/08/2009 10:02:28,65

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser"

¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AgAppLaunch.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgGlUAD_S-1-5-21-1045278646-3694467463-1462972102-1000.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
20 August 2009 at 15:32
Download OTL by OldTimer

save it to your Desktop.

▶ Double-click OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ set it to "60 Days"

▶ in the left-hand column, set everything to all

▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

Do the same with "Extra.txt".
0
Apparently the link you gave me is under maintenance; shall I post it here for you?
0
Anonymous user
20 August 2009 at 16:41
Yes, never mind; in that case, split OTL.txt in two
0
OTL Extras logfile created on: 19/08/2009 15:59:48 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\bob\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 44,10 Gb Free Space | 63,21% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BOB
Current User Name: bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = ] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10FD5BE3-26E5-4361-BABC-4A86A9CB101D}" = rport=445 | protocol=6 | dir=out | app=system |
"{48E642FF-5D65-44C1-AD69-A56DA6C8CF1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{56BE724B-1303-4A93-B330-825A62D1F79B}" = rport=139 | protocol=6 | dir=out | app=system |
"{66ACC543-07BE-4A87-8E03-A53E53AE9F0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B645F69-DA42-470A-BC39-3D48558D90DC}" = rport=138 | protocol=17 | dir=out | app=system |
"{97B9E778-D9C0-4D0C-B51B-71D05D3D43A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC743461-8C98-4267-9991-0461FECB26CA}" = rport=137 | protocol=17 | dir=out | app=system |
"{CC1D970B-8AF7-4405-86BE-3937D42494AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0300A96-AC29-4EBF-A56B-84724C4A7D9B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F26B621E-1173-4300-A566-F074A4B0F837}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6EF69F-0E72-4A95-8AB9-59908FA02D3F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47BB3072-54CA-4E3B-898A-011845FBA19D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{489E6873-0E43-4490-97CD-55189E86BC02}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}" = protocol=6 | dir=in | app=c:\program files\moovida\moovida.exe |
"{ACAA56E4-FE6D-4843-B638-906E3533320E}" = protocol=17 | dir=in | app=c:\program files\moovida\moovida.exe |
"{C3ED31E4-5457-4D0C-8714-8A831D5F8AA7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe |
"UDP Query User{F36003EB-EA09-4F4F-8E39-4C8E14870C07}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00381AD3-CD59-D060-1863-E1931CF7EFA8}" = CCC Help Finnish
"{0D8753BC-F497-5ACF-44AF-AD67E5D00A9C}" = CCC Help English
"{1407F8A7-5BCE-C139-4EFD-93277F280F48}" = ccc-utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management
"{2EB715C1-786B-8B37-FDF9-0B4844AB5642}" = Catalyst Control Center Localization Spanish
"{3281291B-7AE8-6550-0AE9-7383919A1880}" = CCC Help Italian
"{35198E46-B990-F8A3-EAC6-7E079F040224}" = Catalyst Control Center Localization German
"{3D91E4E6-E653-5418-C2DE-697392F0E901}" = Catalyst Control Center Graphics Full Existing
"{4A5E2D64-C7CF-D0FC-9527-67D2510B9839}" = CCC Help Norwegian
"{4CCCB69A-E62C-D5C9-D2F4-BCDD66D5370A}" = CCC Help Japanese
"{5D20A864-DFE2-1A19-DB14-6F12399EE879}" = Catalyst Control Center Localization Danish
"{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6FA7DE6D-6569-3400-CEA2-09478C891C5E}" = Catalyst Control Center Localization Norwegian
"{6FF1E62C-7FC2-DCAD-6016-5CE6528AF325}" = CCC Help Swedish
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{76BD2250-898A-40C0-385D-8FB02741CF75}" = Catalyst Control Center Localization Finnish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{818B4951-8169-9613-C354-2398FC2839E6}" = Catalyst Control Center Graphics Full New
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}" = Paint.NET v3.08
"{879D0F0E-A889-ADDD-2CBE-223E75D9B0A1}" = CCC Help Danish
"{8F52BC87-2029-464D-C1C1-7BCFB16482D3}" = Catalyst Control Center Localization French
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{953A6D3D-1CA6-3C0F-CC45-9E62B87A5751}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2235F18-B173-B573-8CFB-D02EAFDD89C0}" = CCC Help Spanish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{C4EAEA25-443B-B846-2A62-A4C584277FB6}" = ccc-core-static
"{C9CBBBA9-7A9E-0F39-5085-B541EACC52D7}" = CCC Help German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF82DD9-B49B-1474-8A85-C3AE5CCD5602}" = Catalyst Control Center Localization Japanese
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DFCC820E-4A31-3B88-C3FC-1CE6E93A313F}" = CCC Help Dutch
"{E647747F-6933-AF55-F413-F6C3B719A0D2}" = CCC Help French
"{E82DA8EA-4451-D48B-B212-64723027EB5E}" = Catalyst Control Center Localization Italian
"{ED935A3D-C413-8455-27E4-5799376E7F11}" = Catalyst Control Center Localization Dutch
"{F03CC256-7D39-3043-5D81-40E7636DBC1A}" = Catalyst Control Center Graphics Previews Vista
"{F2FCE785-C9E7-2F06-964A-C66F5B49BA97}" = Skins
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F964B470-B0CE-4264-150A-910BBD0AAC4E}" = Catalyst Control Center Core Implementation
"{FBA01CB8-BDE5-2CF8-D9B2-1FFEEB3803A4}" = Catalyst Control Center Localization Swedish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"Glary Utilities_is1" = Glary Utilities 2.13.0.686
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"PC Health Optimizer Free Edition_is1" = PC Health Optimizer Free Edition
"Revo Uninstaller" = Revo Uninstaller 1.83

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
0
Anonymous user
20 August 2009 at 16:54
Yes, I meant post them in several parts, but complete in the end!!
0
Did you receive it in full?
0
I'm redoing a scan with a2; I have 4 additional viruses, so that makes 6: 2 Trojan Win32 Alureon IK and 4 Trojan Downloader Win32 Bredolab IK.
0
Anonymous user
20 August 2009 at 17:09
Yes OK, that one is "Extras"; do the same with OTL.txt please
0
========== Win32 Services (All) ==========

SRV - [2007/04/16 17:48:12 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2006/11/02 10:46:02 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc [Auto | Running])
SRV - [2008/01/19 08:33:01 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\alg.exe -- (ALG [On_Demand | Stopped])
SRV - [2008/01/19 08:33:43 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appinfo.dll -- (Appinfo [On_Demand | Running])
SRV - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/08/13 22:53:32 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2008/01/19 08:33:45 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Audiosrv.dll -- (AudioEndpointBuilder [Auto | Running])
SRV - [2008/01/19 08:33:45 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Audiosrv.dll -- (Audiosrv [Auto | Running])
SRV - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/05/28 04:17:25 | 00,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bfe.dll -- (BFE [Auto | Running])
SRV - [2008/01/19 08:36:13 | 00,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll -- (BITS [Auto | Running])
SRV - [2008/01/19 08:33:49 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browser.dll -- (Browser [Auto | Running])
SRV - [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll -- (CertPropSvc [Unknown | Stopped])
SRV - [2007/01/12 20:25:28 | 00,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/12 20:25:28 | 00,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2006/11/02 10:45:02 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [2008/01/19 08:34:00 | 00,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc [Auto | Running])
SRV - [2009/03/03 05:39:32 | 00,551,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (DcomLaunch [Unknown | Running])
SRV - [2008/01/19 08:34:03 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [2008/01/19 08:34:05 | 00,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache [Auto | Running])
SRV - [2008/01/19 08:34:05 | 00,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll -- (dot3svc [On_Demand | Stopped])
SRV - [2008/01/19 08:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
SRV - [2008/01/19 08:34:08 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eapsvc.dll -- (EapHost [On_Demand | Stopped])
SRV - [2007/04/25 15:34:30 | 00,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service [Auto | Stopped])
SRV - [2008/06/26 04:29:02 | 00,565,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt [Auto | Running])
SRV - [2007/07/03 10:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService [Auto | Running])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Disabled | Stopped])
SRV - [2008/04/18 06:48:39 | 00,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll -- (EventSystem [Auto | Running])
SRV - [2008/01/19 08:34:21 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdPHost.dll -- (fdPHost [On_Demand | Stopped])
SRV - [2006/11/02 10:46:04 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdrespub.dll -- (FDResPub [On_Demand | Stopped])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/01/19 08:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
SRV - [2006/11/02 10:46:05 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll -- (hidserv [Auto | Running])
SRV - [2008/01/19 08:34:36 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmsvc.dll -- (hkmsvc [On_Demand | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/05/28 04:19:32 | 00,438,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ikeext.dll -- (IKEEXT [On_Demand | Stopped])
SRV - [2008/01/19 08:34:34 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipbusenum.dll -- (IPBusEnum [On_Demand | Stopped])
SRV - [2008/01/19 08:34:34 | 00,188,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc [Auto | Running])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (KeyIso [On_Demand | Stopped])
SRV - [2008/01/19 08:34:56 | 00,344,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtckrm.dll -- (KtmRm [Auto | Running])
SRV - [2008/01/19 08:36:36 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll -- (LanmanServer [Auto | Running])
SRV - [2009/06/10 13:12:29 | 00,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation [Auto | Running])
SRV - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/01/19 08:34:42 | 00,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc [On_Demand | Stopped])
SRV - [2006/11/02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lmhsvc.dll -- (lmhosts [Auto | Running])
SRV - [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmcss.dll -- (MMCSS [Auto | Running])
SRV - [2008/01/19 08:34:53 | 00,393,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpssvc.dll -- (MpsSvc [Auto | Running])
SRV - [2008/01/19 08:33:16 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtc.exe -- (MSDTC [Unknown | Stopped])
SRV - [2008/01/19 08:34:35 | 00,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI [On_Demand | Stopped])
SRV - [2008/01/19 08:33:16 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe -- (msiserver [On_Demand | Stopped])
SRV - [2008/01/19 08:36:12 | 00,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qagentRT.dll -- (napagent [On_Demand | Stopped])
SRV - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008/01/19 08:35:36 | 00,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [2008/01/19 08:35:36 | 00,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll -- (netprofm [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/01/19 08:35:38 | 00,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlasvc.dll -- (NlaSvc [Auto | Running])
SRV - [2008/01/19 08:35:57 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsisvc.dll -- (nsi [Auto | Running])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (p2psvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:03 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pcasvc.dll -- (PcaSvc [Auto | Running])
SRV - [2008/01/19 08:36:06 | 01,502,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pla.dll -- (pla [On_Demand | Stopped])
SRV - [2008/01/19 08:36:45 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay [Auto | Running])
SRV - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg [On_Demand | Stopped])
SRV - [2008/01/19 08:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc [On_Demand | Stopped])
SRV - [2008/06/19 04:31:48 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipsecsvc.dll -- (PolicyAgent [On_Demand | Stopped])
SRV - [2008/01/19 08:36:11 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll -- (ProfSvc [Auto | Running])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (ProtectedStorage [On_Demand | Running])
SRV - [2008/01/19 08:36:14 | 00,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qwave.dll -- (QWAVE [On_Demand | Stopped])
SRV - [2008/01/19 08:36:15 | 00,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasauto.dll -- (RasAuto [On_Demand | Stopped])
SRV - [2008/01/19 08:36:15 | 00,260,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll -- (RasMan [On_Demand | Stopped])
SRV - [2008/01/19 08:34:53 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mprdim.dll -- (RemoteAccess [Disabled | Stopped])
SRV - [2008/01/19 08:36:16 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry [Disabled | Stopped])
SRV - [2007/01/12 14:26:10 | 00,262,247 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2006/11/02 10:45:21 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\locator.exe -- (RpcLocator [On_Demand | Stopped])
SRV - [2009/03/03 05:39:32 | 00,551,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
SRV - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2008/08/14 13:39:56 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/01/19 08:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
SRV - [2008/01/19 08:36:19 | 00,596,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll -- (Schedule [Unknown | Stopped])
SRV - [2008/01/19 08:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll -- (SCPolicySvc [Unknown | Stopped])
SRV - [2008/01/19 08:36:20 | 00,104,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SDRSVC.dll -- (SDRSVC [On_Demand | Stopped])
SRV - [2008/01/19 08:36:20 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\seclogon.dll -- (seclogon [On_Demand | Stopped])
SRV - [2008/01/19 08:36:21 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sens.dll -- (SENS [Auto | Running])
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/01/19 08:36:21 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sessenv.dll -- (SessionEnv [On_Demand | Stopped])
SRV - [2008/01/19 08:34:34 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess [Disabled | Stopped])
SRV - [2008/01/19 08:36:30 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection [Auto | Running])
SRV - [2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
SRV - [2008/01/19 08:36:30 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify [On_Demand | Stopped])
SRV - [2006/11/02 10:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
SRV - [2008/01/19 08:33:32 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe -- (Spooler [Auto | Running])
SRV - [2008/01/19 08:36:36 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV [On_Demand | Running])
SRV - [2008/01/19 08:36:36 | 00,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:53 | 00,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll -- (stisvc [Auto | Running])
SRV - [2008/01/19 08:36:37 | 00,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll -- (swprv [On_Demand | Stopped])
SRV - [2008/01/19 08:36:38 | 00,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll -- (SysMain [Auto | Running])
SRV - [2006/11/02 13:34:40 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TabSvc.dll -- (TabletInputService [Auto | Running])
SRV - [2008/01/19 08:36:39 | 00,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll -- (TapiSrv [On_Demand | Running])
SRV - [2008/01/19 08:36:39 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tbssvc.dll -- (TBS [Auto | Stopped])
SRV - [2008/01/19 08:36:39 | 00,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll -- (TermService [Auto | Running])
SRV - [2008/01/19 08:36:30 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll -- (Themes [Auto | Running])
SRV - [2008/01/19 08:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmcss.dll -- (THREADORDER [On_Demand | Stopped])
SRV - [2008/01/19 08:36:42 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\trkwks.dll -- (TrkWks [Auto | Running])
SRV - [2008/01/19 08:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
SRV - [2008/01/19 08:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
SRV - [2008/01/19 08:36:46 | 00,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [2008/01/19 08:36:47 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll -- (UxSms [Auto | Running])
SRV - [2008/01/19 08:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
SRV - [2008/01/19 08:33:34 | 01,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2008/01/19 08:36:48 | 00,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll -- (W32Time [Auto | Running])
SRV - [2008/01/19 08:36:49 | 00,412,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc [On_Demand | Stopped])
SRV - [2006/11/02 10:46:13 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService [On_Demand | Stopped])
SRV - [2008/01/19 08:36:50 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll -- (WdiServiceHost [Unknown | Stopped])
SRV - [2008/01/19 08:36:50 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll -- (WdiSystemHost [Unknown | Running])
SRV - [2008/01/19 08:36:52 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webclnt.dll -- (WebClient [On_Demand | Stopped])
SRV - [2008/01/19 08:36:52 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecsvc.dll -- (Wecsvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:52 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport [On_Demand | Stopped])
SRV - [2008/09/18 05:56:07 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerSvc.dll -- (WerSvc [Auto | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/12/06 05:42:11 | 00,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc [On_Demand | Stopped])
SRV - [2008/01/19 08:36:59 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt [Auto | Running])
SRV - [2008/01/19 08:37:11 | 00,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll -- (WinRM [On_Demand | Stopped])
SRV - [2008/01/19 08:36:57 | 00,513,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll -- (Wlansvc [On_Demand | Stopped])
SRV - [2008/01/19 08:33:39 | 00,137,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv [On_Demand | Stopped])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/01/19 08:37:08 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc [On_Demand | Stopped])
SRV - [2008/01/19 08:37:08 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum [Auto | Running])
SRV - [2008/01/19 08:37:10 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll -- (wscsvc [Auto | Running])
SRV - [2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
SRV - [2008/10/16 22:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll -- (wuauserv [Auto | Running])
SRV - [2008/01/19 08:37:12 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc [Auto | Running])
SRV - [2009/07/26 10:50:20 | 01,864,824 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
0
Anonymous user
20 August 2009 at 17:19
I didn't ask you to scan with a-squared.

Can I have OTL.txt, please?
0
========== Driver Services (All) ==========

DRV - [2008/01/19 08:43:03 | 00,266,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\acpi.sys -- (ACPI [Boot | Running])
DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2008/01/19 06:57:03 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys -- (AFD [System | Running])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp [On_Demand | Stopped])
DRV - [2006/11/02 10:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
DRV - [2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
DRV - [2006/11/02 09:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 22:06:59 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV - [2009/02/05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV - [2009/02/05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2008/01/19 06:56:29 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
DRV - [2008/01/19 08:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\atapi.sys -- (atapi [Boot | Running])
DRV - [2007/08/13 23:07:14 | 03,076,608 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2008/01/19 06:49:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - File not found -- -- (blbdrive [Disabled | Stopped])
DRV - [2008/01/19 06:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser [On_Demand | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 09:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
DRV - [2008/01/19 06:28:02 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs [Disabled | Running])
DRV - [2008/01/19 06:49:51 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom [System | Running])
DRV - [2006/11/02 09:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
DRV - [2008/01/19 08:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CLFS.sys -- (CLFS [Unknown | Running])
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 10:49:32 | 00,018,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\compbatt.sys -- (Compbatt [Disabled | Stopped])
DRV - [2006/11/02 10:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
DRV - [2006/11/02 09:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
DRV - [2008/01/19 06:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC [System | Running])
DRV - [2008/01/19 08:42:20 | 00,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\disk.sys -- (disk [Boot | Running])
DRV - [2008/01/19 06:49:12 | 00,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\Dot4.sys -- (Dot4 [On_Demand | Stopped])
DRV - [2008/01/19 06:49:09 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
DRV - [2008/01/19 06:49:10 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\dot4usb.sys -- (dot4usb [On_Demand | Stopped])
DRV - [2008/01/19 06:53:16 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
DRV - [2008/08/02 02:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/19 08:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/01/19 06:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
DRV - [2008/01/19 06:28:01 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat [On_Demand | Running])
DRV - [2008/01/19 06:49:37 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc [On_Demand | Running])
DRV - [2008/01/19 08:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
DRV - [2008/01/19 06:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
DRV - [2006/11/02 09:51:32 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk [Disabled | Stopped])
DRV - [2008/01/19 08:42:38 | 00,192,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
DRV - [2006/11/02 10:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\gagp30kx.sys -- (gagp30kx [On_Demand | Stopped])
DRV - [2006/11/02 08:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/01/19 05:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/11/02 09:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
DRV - [2006/11/02 09:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
DRV - [2008/01/19 06:53:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\hidusb.sys -- (HidUsb [On_Demand | Stopped])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/01/19 06:55:25 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP [On_Demand | Running])
DRV - [2006/11/02 10:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
DRV - [2008/01/19 06:49:18 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\i8042prt.sys -- (i8042prt [System | Running])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/12/07 18:12:02 | 00,076,584 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15 [Auto | Running])
DRV - [2007/06/22 10:34:12 | 01,788,056 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 10:49:24 | 00,014,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelide.sys -- (intelide [Disabled | Stopped])
DRV - [2008/01/19 06:27:21 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm [On_Demand | Running])
DRV - [2008/01/19 06:56:23 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
DRV - File not found -- -- (IpInIp [On_Demand | Stopped])
DRV - [2006/11/02 09:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipmidrv.sys -- (IPMIDRV [Disabled | Stopped])
DRV - [2008/01/19 06:56:28 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ipnat.sys -- (IPNAT [On_Demand | Stopped])
DRV - [2008/01/19 06:55:19 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM [On_Demand | Stopped])
DRV - [2006/11/02 10:50:24 | 00,047,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\isapnp.sys -- (isapnp [Disabled | Stopped])
DRV - [2008/01/19 08:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/19 08:41:52 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\kbdclass.sys -- (kbdclass [System | Running])
DRV - [2006/11/02 09:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\kbdhid.sys -- (kbdhid [System | Stopped])
DRV - [2008/01/19 08:43:25 | 00,441,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD [Boot | Running])
DRV - [2009/04/21 13:02:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/01/19 06:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio [Auto | Running])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/19 06:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\luafv.sys -- (luafv [Disabled | Stopped])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/19 06:57:16 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys -- (Modem [On_Demand | Stopped])
DRV - [2008/01/19 06:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor [On_Demand | Running])
DRV - [2008/01/19 08:41:52 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mouclass.sys -- (mouclass [System | Running])
DRV - [2008/01/19 06:49:16 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid [On_Demand | Stopped])
DRV - [2008/01/19 08:42:28 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
DRV - [2006/11/02 10:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
DRV - [2008/01/19 06:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/01/19 06:28:45 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxdav.sys -- (MRxDAV [On_Demand | Stopped])
DRV - [2008/01/19 06:28:36 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb [On_Demand | Running])
DRV - [2008/08/27 02:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
DRV - [2008/01/19 06:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
DRV - [2006/11/02 10:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
DRV - [2008/01/19 06:28:09 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys -- (Msfs [System | Running])
DRV - [2008/01/19 08:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
DRV - [2008/01/19 06:49:20 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
DRV - [2008/01/19 06:49:18 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
DRV - [2008/01/19 06:49:18 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
DRV - [2008/01/19 08:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
DRV - [2008/01/19 08:41:49 | 00,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mssmbios.sys -- (mssmbios [On_Demand | Running])
DRV - [2008/01/19 06:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE [On_Demand | Stopped])
DRV - [2008/01/19 08:42:14 | 00,049,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\mup.sys -- (Mup [Boot | Running])
DRV - [2008/05/20 03:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
DRV - [2008/01/19 08:43:31 | 00,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2008/01/19 06:56:24 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi [On_Demand | Running])
DRV - [2008/01/19 06:55:40 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio [On_Demand | Stopped])
DRV - [2008/01/19 06:56:33 | 00,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan [On_Demand | Running])
DRV - [2008/01/19 06:56:28 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
DRV - [2008/01/19 06:55:45 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS [System | Running])
DRV - [2008/01/19 06:55:35 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\netbt.sys -- (netbt [System | Running])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2009/02/09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2009/02/09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008/01/19 06:28:10 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys -- (Npfs [System | Running])
DRV - [2008/01/19 06:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
DRV - [2008/01/19 08:43:40 | 01,081,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs [On_Demand | Running])
DRV - [2007/07/10 13:32:06 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/19 06:49:12 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys -- (Null [System | Running])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 10:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\nv_agp.sys -- (nv_agp [On_Demand | Stopped])
DRV - File not found -- -- (NwlnkFlt [On_Demand | Stopped])
DRV - File not found -- -- (NwlnkFwd [On_Demand | Stopped])
DRV - [2008/01/19 06:53:33 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ohci1394.sys -- (ohci1394 [On_Demand | Running])
DRV - [2008/01/19 06:49:33 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\parport.sys -- (Parport [On_Demand | Running])
DRV - [2008/01/19 08:42:23 | 00,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr [Boot | Running])
DRV - [2008/01/19 06:49:28 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\parvdm.sys -- (Parvdm [Auto | Running])
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2008/01/19 08:42:20 | 00,151,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pci.sys -- (pci [Boot | Running])
DRV - [2008/01/19 08:41:13 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pciide.sys -- (pciide [Boot | Running])
DRV - [2006/11/02 10:51:12 | 00,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\pcmcia.sys -- (pcmcia [Disabled | Stopped])
DRV - [2006/11/02 10:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH [Auto | Running])
DRV - [2008/01/19 06:56:34 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport [On_Demand | Running])
DRV - [2006/11/02 09:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\processr.sys -- (Processor [Disabled | Stopped])
DRV - [2008/04/05 02:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\pacer.sys -- (PSched [System | Running])
DRV - [2007/04/25 15:34:38 | 00,020,776 | ---- | M] (HiTRUST) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter [Boot | Running])
DRV - [2007/04/25 15:34:44 | 00,016,680 | ---- | M] (HiTRUST) -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ [Boot | Running])
DRV - [2007/04/25 15:34:40 | 00,060,712 | ---- | M] (HiTRUST) -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk [Boot | Running])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/01/19 06:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
DRV - [2008/01/19 06:56:31 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd [System | Running])
DRV - [2008/01/19 06:56:34 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
DRV - [2008/01/19 06:56:33 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe [On_Demand | Running])
DRV - [2008/01/19 06:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rassstp.sys -- (RasSstp [On_Demand | Running])
DRV - [2008/01/19 06:28:37 | 00,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss [System | Running])
DRV - [2008/01/19 07:01:08 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD [System | Running])
DRV - [2006/11/02 10:03:00 | 00,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpdr.sys -- (rdpdr [Disabled | Stopped])
DRV - [2008/01/19 07:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD [System | Running])
DRV - [2008/01/19 07:01:21 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
DRV - [2008/01/19 06:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr [Auto | Running])
DRV - [2006/11/02 10:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/19 06:49:29 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum [On_Demand | Running])
DRV - [2008/01/19 06:49:35 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\serial.sys -- (Serial [System | Running])
DRV - [2008/01/19 06:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
DRV - [2006/11/02 09:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
DRV - [2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
DRV - [2006/11/02 09:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
DRV - [2006/11/02 09:51:40 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\sfloppy.sys -- (sfloppy [Disabled | Stopped])
DRV - [2007/06/05 12:08:56 | 00,454,520 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Windows\System32\DRIVERS\SISGRKMD.sys -- (SiS6350 [On_Demand | Stopped])
DRV - [2007/01/24 10:08:06 | 00,056,184 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2007/01/22 09:09:08 | 00,046,592 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\DRIVERS\SiSGB6.sys -- (SiSGbeLH [On_Demand | Running])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/01/19 06:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb [System | Running])
DRV - [2008/01/19 08:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
DRV - [2008/12/16 03:42:39 | 00,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\srv.sys -- (srv [On_Demand | Running])
DRV - [2008/01/19 06:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2 [On_Demand | Running])
DRV - [2008/01/19 06:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet [On_Demand | Running])
DRV - [2008/01/19 08:41:14 | 00,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\swenum.sys -- (swenum [On_Demand | Running])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/04/26 09:08:16 | 00,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip [Boot | Running])
DRV - [2008/04/26 09:08:16 | 00,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\tcpip.sys -- (Tcpip6 [On_Demand | Stopped])
DRV - [2008/01/19 06:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
DRV - [2008/01/19 07:01:07 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
DRV - [2008/01/19 07:01:08 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
DRV - [2008/01/19 06:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx [System | Running])
DRV - [2008/01/19 08:42:19 | 00,054,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\termdd.sys -- (TermDD [System | Running])
DRV - [2008/01/19 07:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
DRV - [2008/01/19 06:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\tunmp.sys -- (tunmp [On_Demand | Running])
DRV - [2008/01/19 06:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel [On_Demand | Stopped])
DRV - [2006/11/02 10:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\uagp35.sys -- (uagp35 [Boot | Running])
DRV - [2008/01/19 06:28:08 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\uliagpkx.sys -- (uliagpkx [On_Demand | Stopped])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 06:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\umbus.sys -- (umbus [On_Demand | Running])
DRV - [2009/02/09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/01/19 06:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - File not found -- -- (USBCamera [On_Demand | Stopped])
DRV - [2008/01/19 06:53:29 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
DRV - [2006/11/02 09:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
DRV - [2008/01/19 06:53:21 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci [On_Demand | Running])
DRV - [2008/01/19 06:53:42 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub [On_Demand | Running])
DRV - [2008/01/19 06:53:21 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbohci.sys -- (usbohci [On_Demand | Running])
DRV - [2008/01/19 07:14:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbprint.sys -- (usbprint [On_Demand | Stopped])
DRV - [2008/01/19 07:14:09 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbscan.sys -- (usbscan [On_Demand | Stopped])
DRV - [2008/01/19 06:53:22 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/01/19 06:53:22 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR [On_Demand | Running])
DRV - [2006/11/02 09:55:05 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci [Disabled | Stopped])
DRV - [2006/11/02 09:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga [On_Demand | Stopped])
DRV - [2008/01/19 06:52:06 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys -- (VgaSave [System | Running])
DRV - [2006/11/02 10:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\viaagp.sys -- (viaagp [On_Demand | Stopped])
DRV - [2006/11/02 09:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
DRV - [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/19 08:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volmgr.sys -- (volmgr [Boot | Running])
DRV - [2008/01/19 08:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
DRV - [2008/01/19 08:42:48 | 00,227,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volsnap.sys -- (volsnap [Boot | Running])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/02 09:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
DRV - [2008/01/19 06:56:31 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarp [On_Demand | Stopped])
DRV - [2008/01/19 06:56:31 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6 [System | Running])
DRV - [2006/11/02 10:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wd.sys -- (Wd [Disabled | Stopped])
DRV - [2008/01/19 08:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
DRV - [2006/11/02 09:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
DRV - [2008/01/19 07:04:19 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV - [2008/01/19 06:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
DRV - [2006/09/19 16:47:04 | 00,080,744 | ---- | M] (Wasay) -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD [On_Demand | Stopped])
DRV - [2008/01/19 06:53:04 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd [On_Demand | Running])

[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\S-1-5-21-1045278646-3694467463-1462972102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "https://www.orange.fr/portail"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/06 17:07:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/06 17:06:48 | 00,000,000 | ---D | M]

[2009/08/10 10:29:13 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Extensions
[2009/08/10 10:29:13 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009/08/06 10:54:07 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Firefox\Profiles\evvj3jmp.default\extensions
[2009/08/06 17:07:02 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Firefox\Profiles\l4r4gg60.default\extensions
[2009/08/17 16:06:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/06 17:06:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/07 12:36:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/18 00:04:44 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/18 00:04:44 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/18 00:04:44 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/18 00:04:44 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/18 00:04:44 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/12/18 00:04:44 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/09/06 19:27:53 | 00,001,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2006/06/03 21:11:43 | 00,001,072 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2007/01/17 23:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/06 21:56:53 | 00,000,760 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 21:28:40 | 00,001,441 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/11 20:46:49 | 00,000,664 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
[2009/08/17 16:00:04 | 00,000,811 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (321558 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmes\Spybot - Search & Destroy\SDHelper.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [avast!] C:\Programmes\Alwil Software\Avast4\ashDisp.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmes\Spybot - Search & Destroy\SDHelper.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1045278646-3694467463-1462972102-1000\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a2b7ae9-2f22-11de-a9a4-001c2557e1d0}\Shell\AutoRun\command - "" = TUBE3287[1].EXE
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2009/08/19 16:32:16 | 00,000,774 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2009/08/19 15:41:19 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\bob\Desktop\OTL.exe
[2009/08/19 10:44:38 | 00,000,000 | ---D | C] -- C:\Program Files\bboulou
[2009/08/19 10:01:47 | 00,000,000 | ---D | C] -- C:\Kill'em
[2009/08/19 03:10:44 | 02,468,628 | -H-- | C] () -- C:\Users\bob\AppData\Local\IconCache.db
[2009/08/19 01:35:29 | 00,108,032 | ---- | C] () -- C:\Users\bob\Desktop\List_Killem.exe
[2009/08/19 01:01:36 | 00,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2009/08/19 01:01:36 | 00,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2009/08/18 14:28:44 | 00,000,000 | ---D | C] -- C:\Windows\Temp(805)
[2009/08/18 14:28:44 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Local\temp(582)
[2009/08/18 14:28:10 | 00,000,000 | ---D | C] -- C:\$RECYCLE(0).BIN
[2009/08/18 13:51:56 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\Lavasoft
[2009/08/18 11:41:26 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/17 13:15:45 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/17 12:30:40 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/08/17 12:30:29 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\SUPERAntiSpyware.com
[2009/08/17 12:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/17 12:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/17 01:15:02 | 00,000,514 | ---- | C] () -- C:\Users\bob\Desktop\RSIT - Raccourci.lnk
[2009/08/16 23:29:05 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/16 19:50:34 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/16 01:41:23 | 00,000,000 | ---D | C] -- C:\Users\bob\Documents\a-squared Free
[2009/08/13 16:49:28 | 00,001,692 | ---- | C] () -- C:\Users\bob\Desktop\Moovida.lnk
[2009/08/12 16:24:52 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\Python-Eggs
[2009/08/12 16:23:25 | 00,000,000 | ---D | C] -- C:\Program Files\Moovida
[2009/08/12 00:00:38 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 00:00:37 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 00:00:35 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 00:00:33 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 00:00:28 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 00:00:27 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 00:00:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 00:00:26 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 00:00:26 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 00:00:25 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 00:00:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 00:00:25 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/11 22:09:56 | 00,000,000 | ---D | C] -- C:\Users\bob\Documents\MakeDiscVideo
[2009/08/11 22:09:51 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Local\PowerCinema
[2009/08/11 01:57:08 | 00,080,384 | ---- | C] () -- C:\Users\bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/11 01:22:50 | 00,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2009/08/11 01:06:48 | 00,076,488 | ---- | C] () -- C:\Users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/10 10:41:36 | 00,000,099 | ---- | C] () -- C:\Users\bob\AppData\Roaming\MPUI.ini
[2009/08/10 10:24:29 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\Broad Intelligence
[2009/08/10 10:23:23 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\OpenCandy
[2009/08/10 10:22:46 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/08/08 12:33:13 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2009/08/06 17:06:49 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/08/06 10:54:06 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\Mozilla
[2009/08/06 10:54:06 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Local\Mozilla
[2009/08/06 10:54:00 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/28 11:54:43 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/28 11:54:43 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/28 11:54:42 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/28 11:54:40 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/28 11:54:39 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/28 11:54:39 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/28 11:54:39 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/28 11:54:38 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/28 11:54:37 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/28 11:54:37 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/28 11:54:37 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/28 11:54:37 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/28 11:54:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/28 11:54:36 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/28 11:54:36 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/27 17:10:47 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\Talkback
[2009/07/24 13:05:47 | 00,000,000 | ---D | C] -- C:\Users\bob\Documents\Retinax
[2009/07/21 16:52:58 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\GRETECH
[2009/07/21 16:52:26 | 00,000,906 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2009/07/19 15:41:23 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\Media Player Classic
[2009/07/17 01:26:44 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/07/17 01:26:44 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/07/17 01:26:44 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/07/17 01:26:42 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/07/17 01:26:42 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/07/17 01:26:42 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/07/17 01:26:23 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/07/17 01:26:23 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/07/17 01:26:23 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/07/17 01:26:21 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/15 09:40:06 | 00,000,906 | ---- | C] () -- C:\Users\bob\Desktop\PC Health Optimizer Free Edition.lnk
[2009/07/15 09:40:04 | 00,079,872 | ---- | C] () -- C:\Windows\System32\vbalSGrid6.oca
[2009/07/15 09:40:04 | 00,049,152 | ---- | C] () -- C:\Windows\System32\ExplorerBarXP2.oca
[2009/07/15 09:40:04 | 00,032,768 | ---- | C] () -- C:\Windows\System32\tssOfficeMenu1d.oca
[2009/07/15 09:40:04 | 00,030,720 | ---- | C] () -- C:\Windows\System32\lvbuttons.oca
[2009/07/15 09:40:04 | 00,025,600 | ---- | C] () -- C:\Windows\System32\tssPopupNotify.oca
[2009/07/15 09:40:04 | 00,018,432 | ---- | C] () -- C:\Windows\System32\vbaliml6.oca
[2009/07/15 09:40:04 | 00,016,896 | ---- | C] () -- C:\Windows\System32\hmfax.oca
[2009/07/15 09:40:01 | 00,000,000 | ---D | C] -- C:\Program Files\PC Health Optimizer Free Edition
[2009/07/14 14:52:14 | 00,001,878 | ---- | C] () -- C:\Users\bob\Desktop\coucou.lnk
[2009/07/14 01:07:13 | 00,000,000 | ---D | C] -- C:\Users\bob\Documents\GomPlayer
[2009/07/14 01:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2009/07/14 00:59:43 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/14 00:59:43 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/14 00:59:43 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/14 00:59:43 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/13 02:09:37 | 01,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\bob\Desktop\install_flash_player.exe
[2009/06/30 15:44:08 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/02/13 19:26:30 | 00,000,028 | ---- | C] () -- C:\Windows\wazpnmp.sys
[2008/08/28 14:19:33 | 00,007,464 | ---- | C] () -- C:\Windows\wininit.ini
[2008/04/29 18:42:25 | 00,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\Windows\System32\OnlineScannerLang.dll
[2007/12/20 21:29:41 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007/12/20 21:29:41 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007/12/10 18:34:36 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\Windows\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\Windows\System32\lnod32apiA.dll
[2007/07/10 23:13:19 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/10 21:29:04 | 00,000,443 | ---- | C] () -- C:\Windows\generic.ini
[2007/07/10 21:29:04 | 00,000,110 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/10 13:15:24 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/07/10 13:15:21 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/25 15:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 15:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 15:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 15:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2006/12/25 14:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 11:23:31 | 00,000,222 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\Windows\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\Windows\System32\lnod32upd.dll
[2001/12/26 14:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 21:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 14:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 20:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
0
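As an added example (not code from this thread, from OTL or from any of the helpers), here is a small Python triage script that parses OTL lines of the kind pasted above (O20, O31, O33, O34) and flags the entries a helper reads first: the MountPoints2 AutoRun command that launches a bare executable from a removable volume, BootExecute entries that point at a missing file or carry no Microsoft company string, a modified Winlogon UserInit value, and a SafeBoot AlternateShell other than cmd.exe. The sample lines are copied from the log above; the rules, severities and function names are assumptions of this example, not OTL's own classification.

```python
import re
from typing import List, Tuple

# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_OTL = r"""
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a2b7ae9-2f22-11de-a9a4-001c2557e1d0}\Shell\AutoRun\command - "" = TUBE3287[1].EXE
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
""".strip("\n")

# (severity, OTL section, detail)
Finding = Tuple[str, str, str]

ENTRY_RE = re.compile(r"^O(\d+) - (.*)$")
MOUNTPOINT_RE = re.compile(
    r'^MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\command - "" = (.+)$', re.I)
BOOTEXEC_RE = re.compile(r"^HKLM BootExecute: \((.+?)\) - (.+)$")
USERINIT_RE = re.compile(r"^HKLM Winlogon: UserInit - \((.+?)\) - (.+)$")
ALTSHELL_RE = re.compile(r"^SafeBoot: AlternateShell - (.+)$")

# The default BootExecute value is "autocheck autochk *"; OTL prints each token
# separately and reports "File not found" for the two tokens that are not files,
# so those two are expected and must not be flagged.
NORMAL_BOOTEXECUTE = {"autocheck", "autochk", "*"}
MS_COMPANY = "(Microsoft Corporation)"


def analyze_otl(text: str) -> List[Finding]:
    """Apply a few triage rules (assumptions of this example) to OTL 'Onn - ...' lines."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = "O" + m.group(1), m.group(2)

        if section == "O33":
            # MountPoints2 verbs run when a volume is double-clicked; a command
            # naming a bare .exe on a removable volume is classic autorun malware.
            mp = MOUNTPOINT_RE.match(body)
            if mp:
                guid, verb, cmd = mp.groups()
                findings.append(("high", section,
                                 f"MountPoints2 {guid}: {verb} handler runs '{cmd}' when the volume is opened"))

        elif section == "O34":
            be = BOOTEXEC_RE.match(body)
            if not be or be.group(1).lower() in NORMAL_BOOTEXECUTE:
                continue
            token, target = be.groups()
            if target == "File not found":
                findings.append(("medium", section,
                                 f"BootExecute '{token}' points at a missing file (stale entry)"))
            elif not target.endswith(MS_COMPANY):
                path = target.rsplit(" (", 1)[0]
                findings.append(("medium", section,
                                 f"BootExecute '{token}' -> {path} has no Microsoft company string; verify"))

        elif section == "O20":
            # UserInit must be userinit.exe alone; anything appended runs at every logon.
            ui = USERINIT_RE.match(body)
            if ui and ui.group(1).rstrip(",").lower() != r"c:\windows\system32\userinit.exe":
                findings.append(("high", section,
                                 f"Winlogon UserInit is '{ui.group(1)}', expected userinit.exe alone"))

        elif section == "O31":
            sh = ALTSHELL_RE.match(body)
            if sh and sh.group(1).lower() != "cmd.exe":
                findings.append(("high", section,
                                 f"SafeBoot AlternateShell is '{sh.group(1)}', default is cmd.exe"))
    return findings


if __name__ == "__main__":
    for severity, section, detail in analyze_otl(SAMPLE_OTL):
        print(f"[{severity:6}] {section}: {detail}")
```

On the sample above the script reports two findings: the O33 AutoRun handler that runs TUBE3287[1].EXE, and the lsdelete BootExecute entry, which is listed without a company string and so is worth verifying rather than assuming malicious (the ComboFix report later in the thread attributes the SafeBoot leftover to Lavasoft Ad-Aware). The O34 "autocheck" and "*" tokens are part of the default value and are deliberately ignored.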
Since I tried to close OTL I can't open it any more, so I can't send it.
0
Anonymous user
20 August 2009 at 17:20
Well, redo the scan as described above.
0
Do you have OTL?
0
Anonymous user
20 August 2009 at 18:48
No.
0
OTL logfile created on: 19/08/2009 17:20:35 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\bob\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,78% Memory free
4,00 Gb Paging File | 3,36 Gb Available in Paging File | 84,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 44,01 Gb Free Space | 63,07% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 69,43 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BOB
Current User Name: bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2008/01/19 08:33:31 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2008/01/19 08:33:05 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008/01/19 08:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008/01/19 08:33:05 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2008/01/19 08:33:28 | 00,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2008/01/19 08:33:14 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2008/01/19 08:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008/01/19 08:33:37 | 00,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2007/08/13 22:53:32 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2007/08/13 22:53:32 | 00,610,304 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/01/19 08:33:32 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2007/04/16 17:48:12 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/01/12 20:25:28 | 00,274,520 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
PRC - [2007/01/17 10:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/12 14:26:10 | 00,262,247 | ---- | M] () -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/01/19 08:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2008/05/27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2007/07/03 10:40:10 | 00,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/01/12 20:25:28 | 00,118,870 | ---- | M] () -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
PRC - [2008/08/14 13:39:56 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/03/03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/01/19 08:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Dwm.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/02/05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/07/26 10:50:20 | 01,864,824 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/01/19 08:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/08/19 15:41:23 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\bob\Desktop\OTL.exe
0
I don't know if this will help you, but I managed to upload it to the first host you sent me; the links are at number 63 of the reports I sent you on Comment Ça Marche.
0
Anonymous user
20 August 2009 at 19:31
OK, I found another host:

https://www.cjoint.com/
0
jlpjlp Messages posted 51574 Registration date Friday 18 May 2007 Status Security contributor Last intervention 3 May 2022 5 042
21 August 2009 at 08:48
OK

How is the PC doing?

Post another ComboFix report.
0
Hi jlpjlp, I don't know whether it's doing better. I ran another ComboFix for you, so you can tell me whether everything is back in order, if that's possible of course. Thanks.

ComboFix 09-08-20.03 - bob 20/08/2009 11:33.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.2047.1417 [GMT 1:00]
Running from: c:\users\bob\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2943f6.msi
c:\windows\Installer\29441b.msi
c:\windows\Installer\30447d.msi

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmmhiepspo
-------\Legacy_kungsfxslbmqwm
-------\Legacy_ovfsthbtpvrrctlhcnjifitsmeiwctxncetxxb
-------\Service_kbiwkmmhiepspo
-------\Service_kungsfxslbmqwm
-------\Service_ovfsthbtpvrrctlhcnjifitsmeiwctxncetxxb


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 10:38 . 2009-08-20 10:40 -------- d-----w- c:\users\bob\AppData\Local\temp
2009-08-19 09:44 . 2009-08-19 09:44 -------- d-----w- c:\program files\bboulou
2009-08-19 09:01 . 2009-08-19 16:18 -------- d-----w- C:\Kill'em
2009-08-19 00:01 . 2009-08-19 00:19 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-19 00:01 . 2009-08-19 00:19 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-18 13:28 . 2009-08-18 23:53 -------- d-----w- c:\windows\Temp(805)
2009-08-18 13:28 . 2009-08-18 23:49 -------- d-----w- c:\users\bob\AppData\Local\temp(582)
2009-08-18 13:28 . 2009-08-18 13:28 -------- d-----w- C:\$RECYCLE(0).BIN
2009-08-18 12:51 . 2009-08-18 12:54 -------- d-----w- c:\users\bob\AppData\Roaming\Lavasoft
2009-08-18 10:41 . 2009-08-18 10:41 -------- d-----w- C:\_OTM
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\users\bob\AppData\Roaming\SUPERAntiSpyware.com
2009-08-17 11:30 . 2009-08-17 11:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-16 22:29 . 2009-08-18 10:08 -------- d-----w- C:\rsit
2009-08-12 16:19 . 2009-08-15 01:15 -------- d-----w- c:\users\bob\.thumbnails
2009-08-12 15:25 . 2009-05-11 11:15 251392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstfaad.dll
2009-08-12 15:25 . 2009-05-11 11:13 32256 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmms.dll
2009-08-12 15:25 . 2009-05-11 11:13 51200 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgsta52dec.dll
2009-08-12 15:25 . 2009-05-11 11:13 90112 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpeg2dec.dll
2009-08-12 15:25 . 2009-05-11 15:12 5297152 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstffmpeg.dll
2009-08-12 15:25 . 2009-05-11 11:14 155648 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstdtsdec.dll
2009-08-12 15:25 . 2009-05-11 11:11 187392 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmad.dll
2009-08-12 15:25 . 2009-05-11 11:09 42496 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_ffmpeg-0.1.99-py2.5.egg-tmp\elisa\plugins\ffmpeg\gstreamer\libgstmpegaudioparse.dll
2009-08-12 15:23 . 2009-08-13 17:04 -------- d-----w- c:\program files\Moovida
2009-08-11 23:00 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:00 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:00 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:00 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:00 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:00 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:00 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:00 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:09 . 2009-08-18 23:54 -------- d-----w- c:\users\bob\AppData\Local\PowerCinema
2009-08-11 00:06 . 2009-08-12 15:39 76488 ----a-w- c:\users\bob\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 09:24 . 2009-08-10 09:47 -------- d-----w- c:\users\bob\AppData\Roaming\Broad Intelligence
2009-08-10 09:23 . 2009-08-18 23:54 -------- d-----w- c:\users\bob\AppData\Roaming\OpenCandy
2009-08-10 09:23 . 2009-08-10 09:23 12588752 ----a-w- c:\users\bob\AppData\Roaming\OpenCandy\pal_install_r83037.exe
2009-08-10 09:22 . 2009-08-10 09:47 -------- d-----w- c:\program files\MediaCoder
2009-08-06 09:54 . 2009-08-06 09:54 -------- d-----w- c:\users\bob\AppData\Local\Mozilla
2009-07-27 16:10 . 2009-07-27 16:10 -------- d-----w- c:\users\bob\AppData\Roaming\Talkback
2009-07-21 15:52 . 2009-07-21 15:52 -------- d-----w- c:\users\bob\AppData\Roaming\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 15:32 . 2009-02-26 21:48 -------- d-----w- c:\program files\a-squared Free
2009-08-18 23:54 . 2009-05-31 10:33 -------- d-----w- c:\users\bob\AppData\Roaming\gtk-2.0
2009-08-16 17:25 . 2009-05-20 15:57 -------- d-----w- c:\program files\Glary Utilities
2009-08-16 17:25 . 2008-05-05 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-13 16:00 . 2009-08-12 15:24 -------- d-----w- c:\users\bob\AppData\Roaming\Python-Eggs
2009-08-13 10:18 . 2009-05-02 16:16 -------- d-----w- c:\programdata\PC Suite
2009-08-12 09:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 18:31 . 2008-02-19 19:39 -------- d-----w- c:\users\bob\AppData\Roaming\CyberLink
2009-08-09 10:04 . 2008-12-08 16:44 -------- d-----w- c:\users\bob\AppData\Roaming\OpenOffice.org
2009-08-09 00:28 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-09 00:28 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-08 11:54 . 2008-06-06 09:41 -------- d-----w- c:\users\bob\AppData\Roaming\Nokia
2009-08-08 11:33 . 2009-08-08 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-08-08 11:30 . 2008-06-06 09:37 -------- d-----w- c:\programdata\Installations
2009-08-06 15:52 . 2009-07-15 08:40 -------- d-----w- c:\program files\PC Health Optimizer Free Edition
2009-08-03 12:36 . 2009-05-29 11:52 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 12:36 . 2009-02-18 00:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 01:26 . 2009-02-18 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 14:39 . 2008-05-05 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 15:52 . 2009-07-14 00:06 -------- d-----w- c:\program files\GRETECH
2009-07-19 14:41 . 2009-07-19 14:41 -------- d-----w- c:\users\bob\AppData\Roaming\Media Player Classic
2009-07-18 16:06 . 2009-07-28 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 00:26 . 2009-07-17 00:26 -------- d-----w- c:\program files\Alwil Software
2009-07-14 11:28 . 2009-06-15 14:51 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-11 13:53 . 2009-06-15 14:49 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-20 21:53 . 2008-12-10 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-15 15:24 . 2009-07-13 23:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-13 23:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-13 23:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-13 23:59 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 15:52 . 2009-08-12 15:24 123904 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstflumpegdemux.dll
2009-06-11 15:52 . 2009-08-12 15:24 128000 ----a-w- c:\users\bob\AppData\Roaming\Python-Eggs\elisa_plugin_codecs-0.1.101-py2.5.egg-tmp\elisa\plugins\codecs\gstreamer\libgstfluasfdemux.dll
2009-06-02 10:38 . 2009-03-13 15:09 15688 ----a-w- c:\windows\system32\lsdelete.exe
2008-12-17 23:04 . 2009-08-06 16:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-08-06 16:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-08-06 16:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-08-06 16:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-08-06 16:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe"
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EBF00423-765B-4BCB-9694-FD0A5747AB01}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{E7521040-F2A1-46DE-82BC-41CE0035A1D0}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{889A3DE1-37FF-4843-9067-0A4FE0C9B168}"= UDP:c:\program files\Moovida\moovida.exe:Moovida Media Center
"{ACAA56E4-FE6D-4843-B638-906E3533320E}"= TCP:c:\program files\Moovida\moovida.exe:Moovida Media Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/04/2009 13:02 64160]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/07/2009 01:26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/07/2009 01:26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2009 01:26 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [05/05/2008 21:28 809296]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10/07/2007 21:29 46592]
S3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [10/07/2007 21:29 454520]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [04/03/2008 16:42 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Lavasoft Ad-Aware Service


.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.fr/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.cooxer.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\l4r4gg60.default\
FF - prefs.js: browser.startup.homepage - hxxp://orange.fr/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1172)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
.
**************************************************************************
.
Completion time: 2009-08-20 11:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 10:44
ComboFix2.txt 2009-08-18 13:28
ComboFix3.txt 2009-08-18 10:18
ComboFix4.txt 2009-08-17 23:06
ComboFix5.txt 2009-08-20 10:32

Pre-Run: 48 172 163 072 octets libres
Post-Run: 47 885 873 152 octets libres

232 --- E O F --- 2009-08-19 19:08
0
jlpjlp Posts: 51574 Registration date: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 042
21 August 2009 at 13:53
OK, run ToolsCleaner and remove everything

https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

_________________

check with a-squared whether the files are still found


and

post an online scan with one of the following two:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
I have Vista and I saw that it was for XP. Can I download it anyway? I prefer to ask you before doing so.
0
jlpjlp Posts: 51574 Registration date: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 042
21 August 2009 at 16:54
yes, you can
0
So I did a scan with BitDefender as you told me; it found a virus, which it removed. Then I did a scan with a-squared, which found nothing more, and now I'm running a scan with Malwarebytes. Should I still run ToolsCleaner?
0
jlpjlp Posts: 51574 Registration date: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 042
23 August 2009 at 18:58
OK, good luck with the rest
0