Probleme Findykill
Résolu
Nemesis
-
Nemesis -
Nemesis -
Bonjour a Tous ,
J'ai un probleme avec Findikill , voila , quand j'ouvre Findykill.exe , cela m'ouvre une premiere fenetre blanche avec ecrit en gros FINDYKILL et un peu plus bas ERADICATE BAGLE WORM , puis cela reste comme sa sans que rien ne se passe , j'ai essayé dans un autre ordinateur , et apres la fenetre blanche cela continue avec un autre fenetre etc .. , donc je voudrais comment cela se fait que sur mon ordianateur a moi cela continu pas comme les autres .
Merci d'avance pour vos réponses !!
PS : J'ai windows xp Professionnelle si sa peut servir .
J'ai un probleme avec Findikill , voila , quand j'ouvre Findykill.exe , cela m'ouvre une premiere fenetre blanche avec ecrit en gros FINDYKILL et un peu plus bas ERADICATE BAGLE WORM , puis cela reste comme sa sans que rien ne se passe , j'ai essayé dans un autre ordinateur , et apres la fenetre blanche cela continue avec un autre fenetre etc .. , donc je voudrais comment cela se fait que sur mon ordianateur a moi cela continu pas comme les autres .
Merci d'avance pour vos réponses !!
PS : J'ai windows xp Professionnelle si sa peut servir .
7 réponses
Bonsoir
Avant d'utiliser FindyKill fait ceci stp merci
1- Télécharge et installe le logiciel HijackThis :
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge.
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
(Ne lance pas ce prg pour l'instant et fais la suite ... )
2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer.
Clic droit sous VISTA (exécuter en tant que…)
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).
Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Merci
Avant d'utiliser FindyKill fait ceci stp merci
1- Télécharge et installe le logiciel HijackThis :
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html
-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge.
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
(Ne lance pas ce prg pour l'instant et fais la suite ... )
2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
-> http://images.malwareremoval.com/random/RSIT.exe
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer.
Clic droit sous VISTA (exécuter en tant que…)
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).
Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Merci
Salut,
attention , cas dfficile et surtout , DOUBLON > https://forums.commentcamarche.net/forum/affich-14594909-trojan-win32-aa
A+
=)
attention , cas dfficile et surtout , DOUBLON > https://forums.commentcamarche.net/forum/affich-14594909-trojan-win32-aa
A+
=)
Voici le rapport de log.txt :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-03 21:34:46
WIN_XP Service Pack 3
System drive C: has 43 GB (55%) free of 78 GB
Total RAM: 1023 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:34, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\notepad.exe
J:\Logiciel\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ;Tag&rename
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.5.0.134\InstStub.exe" /RELAUNCH /RUNONCE /PRODID NAV
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart (User '?')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-21-1715567821-1960408961-1177238915-500 Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User '?')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtnjleuwvlow.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtnjleuwvlow.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-10-03 21:34:46
WIN_XP Service Pack 3
System drive C: has 43 GB (55%) free of 78 GB
Total RAM: 1023 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:34, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\notepad.exe
J:\Logiciel\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ;Tag&rename
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.5.0.134\InstStub.exe" /RELAUNCH /RUNONCE /PRODID NAV
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1715567821-1960408961-1177238915-500\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart (User '?')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-21-1715567821-1960408961-1177238915-500 Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (User '?')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtnjleuwvlow.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtnjleuwvlow.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Et celui de info.txt :
info.txt logfile of random's system information tool 1.06 2009-10-03 21:37:37
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ask.com Search Assistant 1.0.2-->C:\Program Files\Ask Search Assistant\uninst.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Doom 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
LimeWire 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Movavi VideoSuite 7-->MsiExec.exe /I{3BFD4B3C-9105-454A-A673-E023E8BC9D56}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-019A-X6AM-Z365-28EH-AX3K-LL1X-19HP"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
======Hosts File======
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-10-03 21:37:37
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ask.com Search Assistant 1.0.2-->C:\Program Files\Ask Search Assistant\uninst.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.(R) L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Doom 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
LimeWire 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Movavi VideoSuite 7-->MsiExec.exe /I{3BFD4B3C-9105-454A-A673-E023E8BC9D56}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-019A-X6AM-Z365-28EH-AX3K-LL1X-19HP"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
======Hosts File======
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
Securitycenter WMI appears to be broken
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Bonsoir
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
->Renomme le pour l’enregistrer sur ton bureau en asdehi(tout simplement pour que l’infection ne le contre pas)
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
-Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)
::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes
@+
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
->Renomme le pour l’enregistrer sur ton bureau en asdehi(tout simplement pour que l’infection ne le contre pas)
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
-Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)
::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes
@+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Rapport de log.txt :
ComboFix 09-10-01.05 - Administrateur 03/10/2009 23:57.2.2 - NTFSx86
Lancé depuis: j:\logiciel\asdehi.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\Administrateur\Application Data\Desktopicon
c:\documents and settings\Administrateur\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Administrateur\rthdcpl .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ctfmon .exe
c:\windows\system32\kr_done1
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-03 au 2009-10-03 ))))))))))))))))))))))))))))))))))))
.
2009-10-03 17:24 . 2009-10-03 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-03 15:00 . 2009-10-03 18:07 -------- d-----w- C:\FindyKill
2009-10-03 14:09 . 2009-10-03 19:37 -------- d-----w- C:\rsit
2009-10-03 13:49 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\29910015.sys
2009-10-02 19:16 . 2009-10-02 19:16 -------- d-----w- c:\program files\NortonInstaller
2009-10-02 18:51 . 2009-10-03 11:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-09-30 17:48 . 2009-09-30 17:48 -------- d-----w- c:\program files\Trend Micro
2009-09-29 15:53 . 2009-09-29 15:53 -------- d--h--w- c:\windows\PIF
2009-09-28 21:24 . 2009-09-28 21:24 7168 ----a-w- c:\windows\system32\drivers\utm0njk3.sys
2009-09-28 17:15 . 2009-09-28 17:25 139 ----a-w- c:\windows\marke internet.reg
2009-09-28 09:49 . 2009-09-28 09:49 -------- d-----w- c:\program files\Alwil Software
2009-09-27 22:54 . 2009-09-27 23:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-27 22:54 . 2009-09-27 23:07 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-27 22:53 . 2009-10-03 21:46 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-27 22:53 . 2009-10-03 21:46 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-27 22:53 . 2009-10-03 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-27 22:53 . 2009-09-27 22:53 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-27 22:49 . 2009-09-27 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-27 21:42 . 2009-10-03 16:11 27136 ----a-w- c:\documents and settings\Administrateur\rthdcpl.exe
2009-09-27 21:10 . 2009-09-27 21:10 245 ----a-w- c:\windows\tmp12879515.bat
2009-09-27 21:10 . 2009-09-27 21:10 286720 --sha-r- c:\windows\system32\wtnjleuwvlow.dll
2009-09-27 21:09 . 2009-09-27 21:09 27136 ---h--w- c:\documents and settings\Administrateur\sav.exe
2009-09-27 21:09 . 2009-09-27 21:09 27136 ----a-w- c:\windows\system32\xoygnsh.exe
2009-09-27 21:09 . 2009-09-27 21:10 27136 ----a-w- c:\windows\system32\wtnjletwvl8w.exe
2009-09-27 18:45 . 2009-09-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-09-27 18:45 . 2009-09-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-27 18:44 . 2009-09-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-26 15:13 . 2009-09-26 15:37 -------- d-----w- C:\Fichiers Movavi
2009-09-26 14:57 . 2009-09-26 15:12 -------- d-----w- c:\program files\Movavi VideoSuite 7
2009-09-20 18:46 . 2009-09-26 14:55 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Downloaded Installations
2009-09-20 10:29 . 2009-09-20 10:29 -------- d-----w- c:\windows\system32\Lang
2009-09-19 12:17 . 2001-08-23 13:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-19 12:17 . 2008-04-13 07:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-18 20:16 . 2009-09-19 20:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer
2009-09-18 20:15 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 20:15 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-18 20:14 . 2009-09-18 20:14 -------- d-----w- c:\program files\iPod
2009-09-18 20:14 . 2009-09-18 20:15 -------- d-----w- c:\program files\iTunes
2009-09-18 20:14 . 2009-09-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 20:11 . 2009-09-18 20:12 -------- d-----w- c:\program files\QuickTime
2009-09-18 20:11 . 2009-09-18 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-18 20:10 . 2009-09-18 20:10 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple
2009-09-18 20:10 . 2009-09-18 20:10 -------- d-----w- c:\program files\Apple Software Update
2009-09-18 20:09 . 2009-09-18 20:09 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-18 20:09 . 2009-09-18 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-18 20:08 . 2009-09-19 20:43 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple Computer
2009-09-17 20:37 . 2009-09-17 20:37 -------- d-----w- c:\windows\Sun
2009-09-15 06:12 . 2009-09-15 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-14 15:58 . 2009-10-03 13:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire
2009-09-14 15:55 . 2009-09-14 15:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 15:55 . 2009-09-14 15:55 -------- d-----w- c:\program files\Java
2009-09-14 15:55 . 2009-09-14 15:56 -------- d-----w- c:\program files\LimeWire
2009-09-14 15:13 . 2009-09-14 15:13 -------- d-----w- c:\program files\Ask Search Assistant
2009-09-14 15:13 . 2009-09-14 15:13 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-14 15:09 . 2009-10-03 13:34 -------- d-----w- c:\documents and settings\Administrateur\Tracing
2009-09-14 15:06 . 2009-09-14 15:06 -------- d-----w- c:\program files\Microsoft
2009-09-14 15:06 . 2009-09-14 15:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-14 15:01 . 2009-09-14 15:01 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-05 23:35 . 2009-09-05 23:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Symantec
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nero
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Xentient
2009-09-05 00:52 . 2009-10-03 13:11 -------- d-----r- c:\documents and settings\Administrateur\Mes documents
2009-09-05 00:52 . 2009-09-05 00:52 -------- d-----w- c:\documents and settings\Administrateur\nro.log
2009-09-05 00:52 . 2009-09-05 00:52 -------- d-----r- c:\documents and settings\Administrateur\Favoris
2009-09-05 00:52 . 2009-09-05 00:52 -------- d-----w- c:\documents and settings\Administrateur\Contacts
2009-09-05 00:51 . 2009-10-03 21:37 -------- d-----w- c:\documents and settings\Administrateur\Bureau
2009-09-05 00:17 . 2009-09-05 00:17 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 21:47 . 2009-10-03 21:47 -------- d-----w- c:\program files\microsoft frontpage
2009-10-03 21:46 . 2009-09-27 22:53 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-03 21:46 . 2009-09-27 22:53 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-03 18:03 . 2009-08-11 20:39 -------- d-----w- c:\program files\Unlocker
2009-10-03 16:11 . 2009-08-11 20:32 -------- d-----w- c:\program files\eMule
2009-10-03 16:11 . 2008-05-02 22:57 27136 ----a-w- c:\windows\system32\ctfmon.exe
2009-10-03 16:11 . 2009-08-10 22:00 -------- d-----w- c:\program files\TaskSwitchXP
2009-10-02 13:40 . 2009-08-12 21:18 -------- d-----w- c:\program files\Bonjour
2009-09-28 16:59 . 2008-05-02 22:57 2013184 ----a-w- c:\windows\explorer.exe
2009-09-27 23:07 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-27 22:50 . 2009-08-11 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-18 18:01 . 2008-05-02 22:57 74448 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-18 18:01 . 2008-05-02 22:57 467962 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-14 15:08 . 2009-08-10 22:00 -------- d-----w- c:\program files\Windows Live
2009-09-14 14:57 . 2009-08-14 19:56 -------- d-----w- c:\program files\StuffPlug3
2009-09-02 05:54 . 2009-08-11 08:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 05:53 . 2009-09-02 05:44 -------- d-----w- c:\program files\Doom 3
2009-09-02 05:42 . 2009-08-11 08:20 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-02 05:41 . 2009-08-30 18:39 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Lite
2009-09-01 22:48 . 2009-08-10 22:01 -------- d-----w- c:\program files\Nero
2009-09-01 22:33 . 2009-08-10 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-01 17:21 . 2009-09-01 17:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-09-01 00:48 . 2009-09-01 00:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-08-30 21:27 . 2009-08-30 18:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-12 21:07 . 2009-08-11 20:43 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-12 21:03 . 2009-08-12 21:03 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2009-08-11 22:01 . 2009-08-11 22:01 -------- d-----w- c:\program files\Alcohol Soft
2009-08-11 20:49 . 2009-08-11 20:49 -------- d-----w- c:\program files\RocketDock
2009-08-11 20:41 . 2009-08-11 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-11 20:41 . 2009-08-11 20:40 -------- d-----w- c:\program files\Winamp
2009-08-11 20:39 . 2009-08-11 20:39 -------- d-----w- c:\program files\VideoLAN
2009-08-11 20:37 . 2009-08-11 20:37 -------- d-----w- c:\program files\Satsuki Decoder Pack
2009-08-11 20:35 . 2009-08-11 20:35 -------- d-----w- c:\program files\MSECache
2009-08-11 20:27 . 2009-08-11 20:27 -------- d-----w- c:\program files\Intel
2009-08-11 09:19 . 2009-08-10 22:27 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-11 09:03 . 2009-08-11 09:03 -------- d-----w- c:\program files\ma-config.com
2009-08-11 09:03 . 2009-08-11 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-08-11 08:56 . 2009-08-11 08:56 0 ----a-w- c:\windows\nsreg.dat
2009-08-11 08:25 . 2009-08-11 08:09 -------- d-----w- c:\program files\Symantec
2009-08-11 08:10 . 2009-08-11 08:10 4608 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-08-10 22:01 . 2009-08-10 22:01 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-08-10 22:01 . 2009-08-10 22:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-10 22:00 . 2009-08-10 22:00 -------- d-----w- c:\program files\Cpu-z
2009-08-10 21:52 . 2009-08-10 21:52 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-10 21:51 . 2009-08-10 21:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 14:10 . 2009-08-30 21:25 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-04 12:31 . 2009-08-30 21:25 2170880 ----a-w- c:\windows\MicCal.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 14:40 . 2009-08-30 21:25 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-07-19 16:59 . 2009-07-19 16:59 3597824 ----a-w- c:\windows\system32\SET44.tmp
2009-07-19 13:29 . 2009-08-11 08:29 6067200 ----a-w- c:\windows\system32\SET4C.tmp
2009-07-08 14:34 . 2009-08-11 20:27 53248 ----a-w- c:\windows\system32\CSVer.dll
.
------- Sigcheck -------
[-] 2008-05-02 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-05-02 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\i386\ASMS\60\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2008-05-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\i386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2008-05-02 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-05-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-05-02 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-05-02 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2008-05-02 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\i386\NTFS.SYS
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
[-] 2008-05-02 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-07-07 20:31 . A5B1B7C76134329AA7547F6E6DA35410 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP2GDR\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP3GDR\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP2QFE\es.dll
[-] 2008-05-02 22:57 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[-] 2008-05-02 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP3QFE\kernel32.dll
[-] 2009-03-21 . 534040750B9E70B156A98F5D0E8F6D2A . 1051136 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP2GDR\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP3GDR\kernel32.dll
[-] 2009-03-21 . 2087E2764822A8D93A4CA7FA0FED35E8 . 1054208 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP2QFE\kernel32.dll
[-] 2008-05-02 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[-] 2008-05-02 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-05-02 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-05-02 . 15A8EC8EB2CB0AF246F3238E0321C2B9 . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2009-07-19 . 0E396FC8AED9D3D550DB38152F6A4FC7 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3GDR\mshtml.dll
[-] 2009-07-19 . 0E396FC8AED9D3D550DB38152F6A4FC7 . 3597824 . . [7.00.6000.16890] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-19 . 73FFE289F14EDFBB22429E88ACF17016 . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 73FFE289F14EDFBB22429E88ACF17016 . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3QFE\mshtml.dll
[-] 2008-05-02 . EBF0440323874DDF97EF0CEC2D6DC9F4 . 3593728 . . [7.00.6000.20815] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2008-05-02 . EBF0440323874DDF97EF0CEC2D6DC9F4 . 3593728 . . [7.00.6000.20815] . . c:\windows\system32\mshtml.dll
[-] 2008-05-02 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2008-05-02 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-05-02 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\ntoskrnl.exe
[-] 2008-05-02 . 2E36C8BE37E4E86277E559462322375C . 2486272 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-05-02 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-05-02 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\rpcss.dll
[-] 2009-02-09 . 5620353B93DD08016674E4FEE280190B . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\rpcss.dll
[-] 2009-02-09 . BA1EF616F55210820F6462D033088497 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\rpcss.dll
[-] 2008-05-02 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[-] 2008-05-02 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\services.exe
[-] 2009-02-09 . 9D6BF82FE50D55F20F8E10E0F6653886 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\services.exe
[-] 2009-02-09 . 51A24094F076961A7FF73E5F7E991D68 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\services.exe
[-] 2008-05-02 . D40FA5D52A7211F09CB312A7E50191CA . 111104 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[-] 2008-05-02 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-05-02 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-05-02 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-05-02 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2009-06-29 . 71333B8101B10CDEC4D58D949C97D3BA . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 71333B8101B10CDEC4D58D949C97D3BA . 828928 . . [7.00.6000.21073] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3QFE\wininet.dll
[-] 2009-06-29 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3GDR\wininet.dll
[-] 2009-06-29 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-05-02 . 78D3D2B0BE6AD3E6D82CCB115CF74310 . 827392 . . [7.00.6000.20815] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-05-02 . 78D3D2B0BE6AD3E6D82CCB115CF74310 . 827392 . . [7.00.6000.20815] . . c:\windows\system32\wininet.dll
[-] 2008-05-02 . 10CC430B4C85686F1E9D12F85B56C8C1 . 516096 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-05-02 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2009-09-28 . D9FB8495A219D6033E285593F623C49A . 2013184 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-02 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\i386\ASMS\70\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2008-05-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\i386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2008-05-02 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-05-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-05-02 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-05-02 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-05-02 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-05-02 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-05-02 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2009-10-03 16:11 . 3EC4BBD7449A0805E0A0F7857BC6FFC3 . 27136 . . [------] . . c:\windows\system32\ctfmon.exe
[-] 2008-05-02 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-05-02 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-05-02 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-05-02 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-05-02 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-05-02 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-13 05:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2008-05-02 22:57 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-05-02 22:57 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 663D7167ED065786EC9DCFF2569A39F7 . 2059776 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 . 0150FE5C1E07F8AE422FEC6C8E8A0C98 . 2065024 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\ntkrnlpa.exe
[-] 2008-05-02 . 3391F4DDEA530297E720357F40AD06EB . 2364928 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2008-05-02 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
c:\windows\system32\drivers\beep.sys ... manque !!
c:\windows\system32\spoolsv.exe ... manque !!
c:\windows\system32\svchost.exe ... manque !!
c:\windows\system32\regsvc.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2009-10-03 27136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-09-27 208616]
"NAV"="c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.5.0.134\InstStub.exe" [2009-10-03 983184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-08-14 18702336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2009-10-03 27136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-02 124928]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R1 tdisp.sys;tdisp.sys;c:\windows\system32\tdisp.sys [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-05-29 234864]
R3 utm0njk3;AVZ Kernel Driver;c:\windows\system32\Drivers\utm0njk3.sys [2009-09-28 7168]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-09-27 33808]
S0 Si3124;Si3124; [x]
S0 Si3531;Si3531; [x]
S1 is-KS1ESdrv;is-KS1ESdrv;c:\windows\system32\DRIVERS\29910015.sys [2008-07-08 148496]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - HELPSVC
.
Contenu du dossier 'Tâches planifiées'
2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.plusnetwork.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wtnjleuwvlow.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al1c9c9z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKLM-Run-ccApp - c:\program files\Fichiers communs\Symantec Shared\ccApp.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-MSConfig - c:\windows\system32\msconfig.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 00:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(368)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Heure de fin: 2009-10-03 0:05
ComboFix-quarantined-files.txt 2009-10-03 22:05
Avant-CF: 51 423 064 064 octets libres
Après-CF: 51 412 631 552 octets libres
341
ComboFix 09-10-01.05 - Administrateur 03/10/2009 23:57.2.2 - NTFSx86
Lancé depuis: j:\logiciel\asdehi.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\Administrateur\Application Data\Desktopicon
c:\documents and settings\Administrateur\Application Data\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Administrateur\rthdcpl .exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ctfmon .exe
c:\windows\system32\kr_done1
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-03 au 2009-10-03 ))))))))))))))))))))))))))))))))))))
.
2009-10-03 17:24 . 2009-10-03 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-03 15:00 . 2009-10-03 18:07 -------- d-----w- C:\FindyKill
2009-10-03 14:09 . 2009-10-03 19:37 -------- d-----w- C:\rsit
2009-10-03 13:49 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\29910015.sys
2009-10-02 19:16 . 2009-10-02 19:16 -------- d-----w- c:\program files\NortonInstaller
2009-10-02 18:51 . 2009-10-03 11:48 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-09-30 17:48 . 2009-09-30 17:48 -------- d-----w- c:\program files\Trend Micro
2009-09-29 15:53 . 2009-09-29 15:53 -------- d--h--w- c:\windows\PIF
2009-09-28 21:24 . 2009-09-28 21:24 7168 ----a-w- c:\windows\system32\drivers\utm0njk3.sys
2009-09-28 17:15 . 2009-09-28 17:25 139 ----a-w- c:\windows\marke internet.reg
2009-09-28 09:49 . 2009-09-28 09:49 -------- d-----w- c:\program files\Alwil Software
2009-09-27 22:54 . 2009-09-27 23:07 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-27 22:54 . 2009-09-27 23:07 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-27 22:53 . 2009-10-03 21:46 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-27 22:53 . 2009-10-03 21:46 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-27 22:53 . 2009-10-03 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-27 22:53 . 2009-09-27 22:53 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-27 22:49 . 2009-09-27 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-27 21:42 . 2009-10-03 16:11 27136 ----a-w- c:\documents and settings\Administrateur\rthdcpl.exe
2009-09-27 21:10 . 2009-09-27 21:10 245 ----a-w- c:\windows\tmp12879515.bat
2009-09-27 21:10 . 2009-09-27 21:10 286720 --sha-r- c:\windows\system32\wtnjleuwvlow.dll
2009-09-27 21:09 . 2009-09-27 21:09 27136 ---h--w- c:\documents and settings\Administrateur\sav.exe
2009-09-27 21:09 . 2009-09-27 21:09 27136 ----a-w- c:\windows\system32\xoygnsh.exe
2009-09-27 21:09 . 2009-09-27 21:10 27136 ----a-w- c:\windows\system32\wtnjletwvl8w.exe
2009-09-27 18:45 . 2009-09-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-09-27 18:45 . 2009-09-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-27 18:44 . 2009-09-27 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-26 15:13 . 2009-09-26 15:37 -------- d-----w- C:\Fichiers Movavi
2009-09-26 14:57 . 2009-09-26 15:12 -------- d-----w- c:\program files\Movavi VideoSuite 7
2009-09-20 18:46 . 2009-09-26 14:55 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Downloaded Installations
2009-09-20 10:29 . 2009-09-20 10:29 -------- d-----w- c:\windows\system32\Lang
2009-09-19 12:17 . 2001-08-23 13:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-19 12:17 . 2008-04-13 07:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-09-18 20:16 . 2009-09-19 20:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer
2009-09-18 20:15 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 20:15 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-18 20:14 . 2009-09-18 20:14 -------- d-----w- c:\program files\iPod
2009-09-18 20:14 . 2009-09-18 20:15 -------- d-----w- c:\program files\iTunes
2009-09-18 20:14 . 2009-09-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 20:11 . 2009-09-18 20:12 -------- d-----w- c:\program files\QuickTime
2009-09-18 20:11 . 2009-09-18 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-18 20:10 . 2009-09-18 20:10 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple
2009-09-18 20:10 . 2009-09-18 20:10 -------- d-----w- c:\program files\Apple Software Update
2009-09-18 20:09 . 2009-09-18 20:09 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-09-18 20:09 . 2009-09-18 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-18 20:08 . 2009-09-19 20:43 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Apple Computer
2009-09-17 20:37 . 2009-09-17 20:37 -------- d-----w- c:\windows\Sun
2009-09-15 06:12 . 2009-09-15 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-14 15:58 . 2009-10-03 13:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire
2009-09-14 15:55 . 2009-09-14 15:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 15:55 . 2009-09-14 15:55 -------- d-----w- c:\program files\Java
2009-09-14 15:55 . 2009-09-14 15:56 -------- d-----w- c:\program files\LimeWire
2009-09-14 15:13 . 2009-09-14 15:13 -------- d-----w- c:\program files\Ask Search Assistant
2009-09-14 15:13 . 2009-09-14 15:13 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-14 15:09 . 2009-10-03 13:34 -------- d-----w- c:\documents and settings\Administrateur\Tracing
2009-09-14 15:06 . 2009-09-14 15:06 -------- d-----w- c:\program files\Microsoft
2009-09-14 15:06 . 2009-09-14 15:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-14 15:01 . 2009-09-14 15:01 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-05 23:35 . 2009-09-05 23:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Symantec
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nero
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2009-09-05 01:04 . 2009-09-05 01:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Xentient
2009-09-05 00:52 . 2009-10-03 13:11 -------- d-----r- c:\documents and settings\Administrateur\Mes documents
2009-09-05 00:52 . 2009-09-05 00:52 -------- d-----w- c:\documents and settings\Administrateur\nro.log
2009-09-05 00:52 . 2009-09-05 00:52 -------- d-----r- c:\documents and settings\Administrateur\Favoris
2009-09-05 00:52 . 2009-09-05 00:52 -------- d-----w- c:\documents and settings\Administrateur\Contacts
2009-09-05 00:51 . 2009-10-03 21:37 -------- d-----w- c:\documents and settings\Administrateur\Bureau
2009-09-05 00:17 . 2009-09-05 00:17 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 21:47 . 2009-10-03 21:47 -------- d-----w- c:\program files\microsoft frontpage
2009-10-03 21:46 . 2009-09-27 22:53 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-03 21:46 . 2009-09-27 22:53 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-03 18:03 . 2009-08-11 20:39 -------- d-----w- c:\program files\Unlocker
2009-10-03 16:11 . 2009-08-11 20:32 -------- d-----w- c:\program files\eMule
2009-10-03 16:11 . 2008-05-02 22:57 27136 ----a-w- c:\windows\system32\ctfmon.exe
2009-10-03 16:11 . 2009-08-10 22:00 -------- d-----w- c:\program files\TaskSwitchXP
2009-10-02 13:40 . 2009-08-12 21:18 -------- d-----w- c:\program files\Bonjour
2009-09-28 16:59 . 2008-05-02 22:57 2013184 ----a-w- c:\windows\explorer.exe
2009-09-27 23:07 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-27 22:50 . 2009-08-11 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-18 18:01 . 2008-05-02 22:57 74448 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-18 18:01 . 2008-05-02 22:57 467962 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-14 15:08 . 2009-08-10 22:00 -------- d-----w- c:\program files\Windows Live
2009-09-14 14:57 . 2009-08-14 19:56 -------- d-----w- c:\program files\StuffPlug3
2009-09-02 05:54 . 2009-08-11 08:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 05:53 . 2009-09-02 05:44 -------- d-----w- c:\program files\Doom 3
2009-09-02 05:42 . 2009-08-11 08:20 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-02 05:41 . 2009-08-30 18:39 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Lite
2009-09-01 22:48 . 2009-08-10 22:01 -------- d-----w- c:\program files\Nero
2009-09-01 22:33 . 2009-08-10 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-09-01 17:21 . 2009-09-01 17:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Media Player Classic
2009-09-01 00:48 . 2009-09-01 00:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-08-30 21:27 . 2009-08-30 18:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-12 21:07 . 2009-08-11 20:43 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-08-12 21:03 . 2009-08-12 21:03 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2009-08-11 22:01 . 2009-08-11 22:01 -------- d-----w- c:\program files\Alcohol Soft
2009-08-11 20:49 . 2009-08-11 20:49 -------- d-----w- c:\program files\RocketDock
2009-08-11 20:41 . 2009-08-11 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-11 20:41 . 2009-08-11 20:40 -------- d-----w- c:\program files\Winamp
2009-08-11 20:39 . 2009-08-11 20:39 -------- d-----w- c:\program files\VideoLAN
2009-08-11 20:37 . 2009-08-11 20:37 -------- d-----w- c:\program files\Satsuki Decoder Pack
2009-08-11 20:35 . 2009-08-11 20:35 -------- d-----w- c:\program files\MSECache
2009-08-11 20:27 . 2009-08-11 20:27 -------- d-----w- c:\program files\Intel
2009-08-11 09:19 . 2009-08-10 22:27 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-11 09:03 . 2009-08-11 09:03 -------- d-----w- c:\program files\ma-config.com
2009-08-11 09:03 . 2009-08-11 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-08-11 08:56 . 2009-08-11 08:56 0 ----a-w- c:\windows\nsreg.dat
2009-08-11 08:25 . 2009-08-11 08:09 -------- d-----w- c:\program files\Symantec
2009-08-11 08:10 . 2009-08-11 08:10 4608 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-08-10 22:01 . 2009-08-10 22:01 -------- d-----w- c:\program files\Fichiers communs\Nero
2009-08-10 22:01 . 2009-08-10 22:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-10 22:00 . 2009-08-10 22:00 -------- d-----w- c:\program files\Cpu-z
2009-08-10 21:52 . 2009-08-10 21:52 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-10 21:51 . 2009-08-10 21:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 14:10 . 2009-08-30 21:25 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-08-04 12:31 . 2009-08-30 21:25 2170880 ----a-w- c:\windows\MicCal.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 14:40 . 2009-08-30 21:25 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-07-19 16:59 . 2009-07-19 16:59 3597824 ----a-w- c:\windows\system32\SET44.tmp
2009-07-19 13:29 . 2009-08-11 08:29 6067200 ----a-w- c:\windows\system32\SET4C.tmp
2009-07-08 14:34 . 2009-08-11 20:27 53248 ----a-w- c:\windows\system32\CSVer.dll
.
------- Sigcheck -------
[-] 2008-05-02 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-05-02 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\i386\ASMS\60\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2008-05-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\i386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2008-05-02 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-05-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-05-02 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-05-02 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-05-02 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2008-05-02 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2008-05-02 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\i386\NTFS.SYS
[-] 2008-05-02 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2008-05-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
[-] 2008-05-02 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-07-07 20:31 . A5B1B7C76134329AA7547F6E6DA35410 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP2GDR\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP3GDR\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\SoftwareDistribution\Download\5e54181a2d7e767daf6e7f313d7dd20b\SP2QFE\es.dll
[-] 2008-05-02 22:57 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\system32\es.dll
[-] 2008-05-02 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP3QFE\kernel32.dll
[-] 2009-03-21 . 534040750B9E70B156A98F5D0E8F6D2A . 1051136 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP2GDR\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP3GDR\kernel32.dll
[-] 2009-03-21 . 2087E2764822A8D93A4CA7FA0FED35E8 . 1054208 . . [5.1.2600.3541] . . c:\windows\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\SP2QFE\kernel32.dll
[-] 2008-05-02 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\system32\kernel32.dll
[-] 2008-05-02 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-05-02 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-05-02 . 15A8EC8EB2CB0AF246F3238E0321C2B9 . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2009-07-19 . 0E396FC8AED9D3D550DB38152F6A4FC7 . 3597824 . . [7.00.6000.16890] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3GDR\mshtml.dll
[-] 2009-07-19 . 0E396FC8AED9D3D550DB38152F6A4FC7 . 3597824 . . [7.00.6000.16890] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-19 . 73FFE289F14EDFBB22429E88ACF17016 . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 73FFE289F14EDFBB22429E88ACF17016 . 3600384 . . [7.00.6000.21089] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3QFE\mshtml.dll
[-] 2008-05-02 . EBF0440323874DDF97EF0CEC2D6DC9F4 . 3593728 . . [7.00.6000.20815] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2008-05-02 . EBF0440323874DDF97EF0CEC2D6DC9F4 . 3593728 . . [7.00.6000.20815] . . c:\windows\system32\mshtml.dll
[-] 2008-05-02 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\system32\mswsock.dll
[-] 2008-05-02 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-05-02 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\ntoskrnl.exe
[-] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\ntoskrnl.exe
[-] 2008-05-02 . 2E36C8BE37E4E86277E559462322375C . 2486272 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-05-02 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-05-02 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\rpcss.dll
[-] 2009-02-09 . 5620353B93DD08016674E4FEE280190B . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\rpcss.dll
[-] 2009-02-09 . BA1EF616F55210820F6462D033088497 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\rpcss.dll
[-] 2008-05-02 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\system32\rpcss.dll
[-] 2008-05-02 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\services.exe
[-] 2009-02-09 . 9D6BF82FE50D55F20F8E10E0F6653886 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\services.exe
[-] 2009-02-09 . 51A24094F076961A7FF73E5F7E991D68 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\services.exe
[-] 2008-05-02 . D40FA5D52A7211F09CB312A7E50191CA . 111104 . . [5.1.2600.5512] . . c:\windows\system32\services.exe
[-] 2008-05-02 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-05-02 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-05-02 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-05-02 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2009-06-29 . 71333B8101B10CDEC4D58D949C97D3BA . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 71333B8101B10CDEC4D58D949C97D3BA . 828928 . . [7.00.6000.21073] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3QFE\wininet.dll
[-] 2009-06-29 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876] . . c:\windows\SoftwareDistribution\Download\0be3474a722486e9050d650f16addaad\SP3GDR\wininet.dll
[-] 2009-06-29 . 9620CC3780D7279A48D3556860813587 . 827392 . . [7.00.6000.16876] . . c:\windows\system32\dllcache\wininet.dll
[-] 2008-05-02 . 78D3D2B0BE6AD3E6D82CCB115CF74310 . 827392 . . [7.00.6000.20815] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2008-05-02 . 78D3D2B0BE6AD3E6D82CCB115CF74310 . 827392 . . [7.00.6000.20815] . . c:\windows\system32\wininet.dll
[-] 2008-05-02 . 10CC430B4C85686F1E9D12F85B56C8C1 . 516096 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-05-02 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2009-09-28 . D9FB8495A219D6033E285593F623C49A . 2013184 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-02 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\i386\ASMS\70\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2008-05-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\i386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2008-05-02 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-05-02 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-05-02 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-05-02 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-05-02 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-05-02 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-05-02 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2009-10-03 16:11 . 3EC4BBD7449A0805E0A0F7857BC6FFC3 . 27136 . . [------] . . c:\windows\system32\ctfmon.exe
[-] 2008-05-02 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-05-02 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-05-02 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-05-02 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-05-02 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-05-02 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-13 05:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2008-05-02 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2008-05-02 22:57 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-05-02 22:57 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 663D7167ED065786EC9DCFF2569A39F7 . 2059776 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\ntkrnlpa.exe
[-] 2009-02-09 . 0150FE5C1E07F8AE422FEC6C8E8A0C98 . 2065024 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\ntkrnlpa.exe
[-] 2008-05-02 . 3391F4DDEA530297E720357F40AD06EB . 2364928 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
[-] 2008-05-02 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
c:\windows\system32\drivers\beep.sys ... manque !!
c:\windows\system32\spoolsv.exe ... manque !!
c:\windows\system32\svchost.exe ... manque !!
c:\windows\system32\regsvc.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2009-10-03 27136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-09-27 208616]
"NAV"="c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.5.0.134\InstStub.exe" [2009-10-03 983184]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-08-14 18702336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2009-10-03 27136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-05-02 124928]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVP"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R1 tdisp.sys;tdisp.sys;c:\windows\system32\tdisp.sys [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-05-29 234864]
R3 utm0njk3;AVZ Kernel Driver;c:\windows\system32\Drivers\utm0njk3.sys [2009-09-28 7168]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-09-27 33808]
S0 Si3124;Si3124; [x]
S0 Si3531;Si3531; [x]
S1 is-KS1ESdrv;is-KS1ESdrv;c:\windows\system32\DRIVERS\29910015.sys [2008-07-08 148496]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - HELPSVC
.
Contenu du dossier 'Tâches planifiées'
2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.plusnetwork.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wtnjleuwvlow.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\al1c9c9z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
HKLM-Run-ccApp - c:\program files\Fichiers communs\Symantec Shared\ccApp.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-MSConfig - c:\windows\system32\msconfig.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 00:01
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(368)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Heure de fin: 2009-10-03 0:05
ComboFix-quarantined-files.txt 2009-10-03 22:05
Avant-CF: 51 423 064 064 octets libres
Après-CF: 51 412 631 552 octets libres
341
On a pas le droit de faire sa ?? Parce que je suis nouveau , je sais pas comment sa marche =S
Re
Tu reprends tout simplement ou il est mentionné ici mais en précisant que ComboFix a été exécuté.
Lien:https://forums.commentcamarche.net/forum/affich-14594909-trojan-win32-aa
Bonne continuation
Tu reprends tout simplement ou il est mentionné ici mais en précisant que ComboFix a été exécuté.
Lien:https://forums.commentcamarche.net/forum/affich-14594909-trojan-win32-aa
Bonne continuation