Svchost.exe

Closed
siron
Hello,
at startup I get this:

"svchost.exe erreur d'application
l'instruction à "0x595c17c2" emploi l'adresse mémoire "0x595c17c2"de peut pas etre "read""
What should I do???
Thanks!

17 replies

Anonymous user
 
Hi:

▶ Download and install UsbFix by Chiquitine29

(!) Plug your external data sources into your PC (USB key, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop.

▶ At the main menu, choose option "F" for French and press [Enter].

▶ At the second menu, choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that will appear.

Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
0
siron
 
I don't have a USB key or anything else to connect, is that a problem??
0
Anonymous user
 
No, do it without... no MP3 or MP4 player either? A camera...
0
siron
 
It's coming!
0

Anonymous user
 
ok ;)

Don't use the PC too much during the scans, it can skew the results ^^
0
siron
 
It stays stuck on "demarrage"
0
Anonymous user
 
What do you mean?
0
mmmmmmmmm
 
"usbfix s'apprête à démarrer
veillez pacientez"
And there you go... I'm waiting!!! But nothing!!!
0
Anonymous user
 
Try doing it in safe mode
0
mmmmmmmmm
 
Later!!! Thanks, see you!!
0
mmmmmmmmm
 
Could you interpret this ComboFix report for me first??? Thanks!!

ComboFix 09-11-18.01 - HarryPotter 17/11/2009 19:11.1.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.768.472 [GMT 1:00]
Lancé depuis: d:\documents and settings\HarryPotter\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\i

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_SZSERVICE
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-17 au 2009-11-17 ))))))))))))))))))))))))))))))))))))
.

2009-11-17 17:07 . 2009-11-17 17:07 -------- d-----w- D:\rsit
2009-11-17 06:32 . 2009-03-30 09:32 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-11-17 06:32 . 2009-03-24 15:08 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-11-17 06:32 . 2009-02-13 11:28 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-11-17 06:32 . 2009-02-13 11:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-11-17 06:32 . 2009-11-17 06:32 -------- d-----w- d:\program files\Avira
2009-11-16 18:50 . 2009-11-16 18:50 -------- d-----w- d:\program files\Malwarebytes'
2009-11-16 18:38 . 2009-09-10 13:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 18:38 . 2009-09-10 13:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-16 18:38 . 2009-11-16 18:38 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-11 19:08 . 2009-11-11 19:05 267264 ----a-w- d:\windows\system32\wyvodiqu.exe
2009-11-11 19:06 . 2009-11-11 19:05 267264 ----a-w- d:\windows\system32\dihytu.exe
2009-11-11 13:02 . 2009-11-11 12:02 102400 --sh--r- d:\windows\9new.exe
2009-11-09 20:26 . 2009-11-09 20:26 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-10-25 21:19 . 2009-10-25 21:19 -------- d-----w- D:\FOUND.023

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 12:27 . 2005-10-19 23:17 56 ---ha-w- d:\windows\popcinfo.dat
2009-10-20 10:04 . 2008-04-29 16:09 1 ----a-w- d:\documents and settings\HarryPotter\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-10-17 19:39 . 2009-10-17 19:39 -------- d-----w- d:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-10 15:14 . 2009-10-10 15:14 -------- d-----w- d:\program files\Microsoft Sync Framework
2009-10-10 15:13 . 2009-10-10 15:13 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2009-09-29 22:26 . 2009-09-29 22:26 -------- d-----w- d:\program files\Jeux.fr
2009-09-03 21:12 . 2009-09-03 21:12 152576 ----a-w- d:\documents and settings\HarryPotter\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 12:59 . 2009-08-26 12:59 78848 ----a-w- d:\windows\system32\drivers\SSHDRV85.sys
2008-03-09 20:23 . 2008-03-09 20:23 0 ----a-w- d:\program files\temp01
2005-10-29 10:37 . 2005-10-29 10:37 774144 ----a-w- d:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2009-11-13 323392]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-13 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2005-10-28 155648]
"AdobeCS4ServiceManager"="d:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-07-04 198160]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"woociv"="d:\windows\system32\dihytu.exe" [2009-11-11 267264]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes'\mbam.exe" [2009-09-10 1312080]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"woociv"="d:\windows\system32\dihytu.exe" [2009-11-11 267264]

d:\documents and settings\HarryPotter\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - d:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-11-11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-11 11:45 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 pctmp;PC Tools Firewall Memory Protection Driver;d:\windows\system32\drivers\pctmp.sys [10/01/2008 18:05 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;d:\windows\system32\drivers\pctssipc.sys [10/01/2008 18:05 18328]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 13:53 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 74480]
R1 SSHDRV76;SSHDRV76;d:\windows\system32\drivers\SSHDRV76.sys [09/07/2009 21:28 53760]
R1 SSHDRV85;SSHDRV85;d:\windows\system32\drivers\SSHDRV85.sys [26/08/2009 13:59 78848]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [17/11/2009 07:32 108289]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/08/2009 16:31 92008]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
S2 aiahuaftuealiw;AOL Connectivity Service;d:\windows\system32\wyvodiqu.exe [11/11/2009 20:08 267264]
S2 gupdate1c987c68a1a6ad2;Google Update Service (gupdate1c987c68a1a6ad2);d:\program files\Google\Update\GoogleUpdate.exe [05/02/2009 20:18 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;d:\windows\system32\drivers\ASPI32.SYS [21/03/2008 11:21 16512]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-11-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 19:18]

2009-11-17 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 19:18]

2009-10-29 d:\windows\Tasks\NSSstub.job
- d:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-10-17 16:39]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.msnjeux.com/online2/MSN_INTL_FRANCE/zuma/zylomgamesplayer.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/zuma/oberongamesloader.cab
FF - ProfilePath - d:\documents and settings\HarryPotter\Application Data\Mozilla\Firefox\Profiles\ju8usffo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npicdclient.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: d:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\windows\System32\Rawflow\npicdclient.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-photo_id - d:\documents and settings\HarryPotter\photo_id.exe
Notify-WgaLogon - (no file)
AddRemove-burnatonce_is1 - d:\program files\burnatonce\unins000.exe
AddRemove-Steam App 7710 - d:\program files\Steam\steam.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 19:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1454471165-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,52,88,28,7e,e2,3b,cc,c1,67,08,e3,6d,b8,5d,e5,22,47,8e,7c,29,35,9c,
86,51,fd,e6,50,2f,11,c1,3d,22,1d,33,fe,e1,6f,ed,fb,b7,00,56,74,2d,31,ff,ca,\
"??"=hex:54,91,eb,dd,75,18,da,c3,ed,6e,dd,e8,34,bd,c8,e3

[HKEY_USERS\S-1-5-21-1220945662-1454471165-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,c3,69,56,1c,b0,e8,6b,41,db,1d,8b,81,cd,fc,51,25,e6,ef,5f,57,
78,74,5f,1b,68,99,a9,60,b1,62,26,25,03,65,8f,c7,7b,f1,e4,f9,06,8b,4b,38,83,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(916)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\Ati2evxx.dll
d:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3948)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\PC Tools Firewall Plus\FWService.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Lavasoft\Ad-Aware\aawservice.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\windows\System32\dllhost.exe
d:\windows\System32\CTsvcCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\program files\Analog Devices\SoundMAX\SMAgent.exe
d:\windows\system32\dwwin.exe
.
**************************************************************************
.
Heure de fin: 2009-11-17 19:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-17 18:32

Avant-CF: 15 412 559 872 octets libres
Après-CF: 15 296 069 632 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Le bon qui marche" /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Le mauvais qui rampe"

- - End Of File - - 276578AF88320665C5A2F93059C2BAB3
0
Anonymous user
 
Who asked you to use ComboFix?

Are you getting help somewhere else at the same time??

Do you want to crash your PC?
0
mmmmmmmmm
 
Yes, I was asked to do it!!!
But the forum where it was requested has been deleted, so now I have this:

ComboFix 09-11-18.01 - HarryPotter 17/11/2009 20:43.2.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.768.406 [GMT 1:00]
Lancé depuis: d:\documents and settings\HarryPotter\Bureau\ComboFix.exe
Commutateurs utilisés :: d:\documents and settings\HarryPotter\Bureau\CFScript
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"d:\windows\9new.exe"
"d:\windows\system32\dihytu.exe"
"d:\windows\system32\wyvodiqu.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\9new.exe
d:\windows\system32\dihytu.exe
d:\windows\system32\wyvodiqu.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AIAHUAFTUEALIW
-------\Service_aiahuaftuealiw

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-17 au 2009-11-17 ))))))))))))))))))))))))))))))))))))
.

2009-11-17 19:05 . 2009-11-17 19:05 -------- d-----w- D:\UsbFix
2009-11-17 17:07 . 2009-11-17 17:07 -------- d-----w- D:\rsit
2009-11-17 06:32 . 2009-03-30 09:32 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-11-17 06:32 . 2009-03-24 15:08 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-11-17 06:32 . 2009-02-13 11:28 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-11-17 06:32 . 2009-02-13 11:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-11-17 06:32 . 2009-11-17 06:32 -------- d-----w- d:\program files\Avira
2009-11-16 18:50 . 2009-11-16 18:50 -------- d-----w- d:\program files\Malwarebytes'
2009-11-16 18:38 . 2009-09-10 13:54 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 18:38 . 2009-09-10 13:53 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-11-16 18:38 . 2009-11-16 18:38 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-11-09 20:26 . 2009-11-09 20:26 -------- d-----w- d:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-10-25 21:19 . 2009-10-25 21:19 -------- d-----w- D:\FOUND.023

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 12:27 . 2005-10-19 23:17 56 ---ha-w- d:\windows\popcinfo.dat
2009-10-20 10:04 . 2008-04-29 16:09 1 ----a-w- d:\documents and settings\HarryPotter\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-10-17 19:39 . 2009-10-17 19:39 -------- d-----w- d:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-10 15:14 . 2009-10-10 15:14 -------- d-----w- d:\program files\Microsoft Sync Framework
2009-10-10 15:13 . 2009-10-10 15:13 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2009-09-29 22:26 . 2009-09-29 22:26 -------- d-----w- d:\program files\Jeux.fr
2009-09-03 21:12 . 2009-09-03 21:12 152576 ----a-w- d:\documents and settings\HarryPotter\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 12:59 . 2009-08-26 12:59 78848 ----a-w- d:\windows\system32\drivers\SSHDRV85.sys
2008-03-09 20:23 . 2008-03-09 20:23 0 ----a-w- d:\program files\temp01
2005-10-29 10:37 . 2005-10-29 10:37 774144 ----a-w- d:\program files\RngInterstitial.dll
.

------- Sigcheck -------

[-] 2004-08-20 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2004-08-20 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . d:\windows\system32\powrprof.dll
[-] 2004-08-20 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . d:\windows\ERDNT\cache\powrprof.dll
[-] 2004-08-20 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . d:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2004-08-20 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . d:\windows\system32\scecli.dll
[-] 2004-08-20 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\scecli.dll
[-] 2004-08-20 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\scecli.dll

[-] 2004-08-20 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . d:\windows\system32\sfc.dll
[-] 2004-08-20 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\sfc.dll
[-] 2004-08-20 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\sfc.dll

[-] 2004-08-20 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . d:\windows\system32\svchost.exe
[-] 2004-08-20 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\svchost.exe
[-] 2004-08-20 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\svchost.exe

[-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . d:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . d:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . d:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . d:\windows\ERDNT\cache\tapisrv.dll
[-] 2004-08-20 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\tapisrv.dll

[-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . d:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . d:\windows\system32\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . d:\windows\system32\dllcache\user32.dll
[-] 2007-03-08 . 753354F594809A9B96F73999B435A533 . 578560 . . [5.1.2600.3099] . . d:\windows\ERDNT\cache\user32.dll
[-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2004-08-20 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\user32.dll

[-] 2004-08-20 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . d:\windows\system32\userinit.exe
[-] 2004-08-20 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\userinit.exe
[-] 2004-08-20 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\userinit.exe

[-] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . d:\windows\system32\wininet.dll
[-] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . d:\windows\system32\dllcache\wininet.dll
[-] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . d:\windows\ERDNT\cache\wininet.dll
[-] 2007-10-10 . 871AE10D6AE8877E9636AE5017953D52 . 825344 . . [7.00.6000.20696] . . d:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-22 . 18048557AA56DE4B1955FDF7A21F9B24 . 663040 . . [6.00.2900.3199] . . d:\windows\ie7\wininet.dll
[-] 2007-08-22 . 4F6A45B54D26708E2C2BF2C43D83EDEA . 669696 . . [6.00.2900.3199] . . d:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . d:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2004-08-20 . 4E958B97EFC3D801F49283D1820F48B7 . 660480 . . [6.00.2900.2180] . . d:\windows\ServicePackFiles\i386\wininet.dll

[-] 2004-08-20 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . d:\windows\system32\ws2_32.dll
[-] 2004-08-20 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\ws2_32.dll
[-] 2004-08-20 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . d:\windows\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . d:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . d:\windows\ERDNT\cache\explorer.exe
[-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . d:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-20 . 2A7BD330924252A2FD80344FC949BB72 . 1036288 . . [6.00.2900.2180] . . d:\windows\ServicePackFiles\i386\explorer.exe

[-] 2004-08-20 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . d:\windows\system32\srsvc.dll
[-] 2004-08-20 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\srsvc.dll
[-] 2004-08-20 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\srsvc.dll

[-] 2004-08-20 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . d:\windows\system32\wscntfy.exe
[-] 2004-08-20 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\wscntfy.exe
[-] 2004-08-20 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2004-08-20 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . d:\windows\system32\xmlprov.dll
[-] 2004-08-20 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\xmlprov.dll
[-] 2004-08-20 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2004-08-20 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . d:\windows\system32\eventlog.dll
[-] 2004-08-20 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\eventlog.dll
[-] 2004-08-20 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\eventlog.dll

[-] 2004-08-20 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . d:\windows\system32\sfcfiles.dll
[-] 2004-08-20 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\sfcfiles.dll
[-] 2004-08-20 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2004-08-20 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . d:\windows\system32\ctfmon.exe
[-] 2004-08-20 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\ctfmon.exe
[-] 2004-08-20 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . d:\windows\system32\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . d:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . d:\windows\ERDNT\cache\shsvcs.dll
[-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . d:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-20 . ABA25E49F6589FD73F1143FDC39A6B46 . 135168 . . [6.00.2900.2180] . . d:\windows\ServicePackFiles\i386\shsvcs.dll

[-] 2004-08-20 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . d:\windows\system32\regsvc.dll
[-] 2004-08-20 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\regsvc.dll
[-] 2004-08-20 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\regsvc.dll

[-] 2004-08-20 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . d:\windows\system32\schedsvc.dll
[-] 2004-08-20 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\schedsvc.dll
[-] 2004-08-20 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\schedsvc.dll

[-] 2004-08-20 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . d:\windows\system32\ssdpsrv.dll
[-] 2004-08-20 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2004-08-20 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\ssdpsrv.dll

[-] 2004-08-20 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . d:\windows\system32\termsrv.dll
[-] 2004-08-20 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\termsrv.dll
[-] 2004-08-20 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2004-08-20 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . d:\windows\system32\appmgmts.dll
[-] 2004-08-20 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\appmgmts.dll
[-] 2004-08-20 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2001-08-28 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . d:\windows\system32\drivers\acpiec.sys
[-] 2001-08-28 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . d:\windows\ERDNT\cache\acpiec.sys

[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . d:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . d:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . d:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . d:\windows\ERDNT\cache\aec.sys
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . d:\windows\ServicePackFiles\i386\aec.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . d:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . d:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . d:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . d:\windows\system32\dllcache\mfc40u.dll
[-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . d:\windows\ERDNT\cache\mfc40u.dll

[-] 2004-08-20 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . d:\windows\system32\msgsvc.dll
[-] 2004-08-20 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . d:\windows\ERDNT\cache\msgsvc.dll
[-] 2004-08-20 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . d:\windows\system32\MsPMSNSv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . d:\windows\ERDNT\cache\MsPMSNSv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . d:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-20 00:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . d:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2007-02-28 . 7A56A64EB50399613587E90292DD2AAB . 2061440 . . [5.1.2600.3093] . . d:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093] . . d:\windows\system32\ntkrnlpa.exe
[-] 2007-02-28 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093] . . d:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2007-02-28 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093] . . d:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093] . . d:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2005-03-02 . 5311776074B6C13F983DC75BAEAC9C0C . 2059008 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 73FA9C95D235844A36968C7852C7DBDD . 2058880 . . [5.1.2600.2622] . . d:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2004-08-20 . F252FAE094C54572ECE38A039F2103C4 . 2058880 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2004-08-20 00:09 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . d:\windows\system32\ntmssvc.dll
[-] 2004-08-20 00:09 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . d:\windows\ERDNT\cache\ntmssvc.dll
[-] 2004-08-20 00:09 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . d:\windows\ServicePackFiles\i386\ntmssvc.dll

[-] 2007-02-05 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077] . . d:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . d:\windows\system32\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . d:\windows\system32\dllcache\upnphost.dll
[-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . d:\windows\ERDNT\cache\upnphost.dll
[-] 2004-08-20 . 0B6A726C2DE9BBB80A48459F0C318F44 . 185344 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\upnphost.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-17_18.26.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-17 19:58 . 2009-11-17 19:58 16384 d:\windows\temp\Perflib_Perfdata_7e0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2009-11-13 323392]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-13 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ATICCC"="d:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2005-10-28 155648]
"AdobeCS4ServiceManager"="d:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="d:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-07-04 198160]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes'\mbam.exe" [2009-09-10 1312080]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

d:\documents and settings\HarryPotter\Menu Démarrer\Programmes\Démarrage\
Yahoo! Widgets.lnk - d:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-11-11 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-11 11:45 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 pctmp;PC Tools Firewall Memory Protection Driver;d:\windows\system32\drivers\pctmp.sys [10/01/2008 18:05 40856]
R1 pctssipc;PC Tools Security Suite IPC Driver;d:\windows\system32\drivers\pctssipc.sys [10/01/2008 18:05 18328]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 13:53 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 74480]
R1 SSHDRV76;SSHDRV76;d:\windows\system32\drivers\SSHDRV76.sys [09/07/2009 21:28 53760]
R1 SSHDRV85;SSHDRV85;d:\windows\system32\drivers\SSHDRV85.sys [26/08/2009 13:59 78848]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [17/11/2009 07:32 108289]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [07/08/2009 16:31 92008]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
S2 gupdate1c987c68a1a6ad2;Google Update Service (gupdate1c987c68a1a6ad2);d:\program files\Google\Update\GoogleUpdate.exe [05/02/2009 20:18 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;d:\windows\system32\drivers\ASPI32.SYS [21/03/2008 11:21 16512]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-11-17 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 19:18]

2009-11-17 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 19:18]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.msnjeux.com/online2/MSN_INTL_FRANCE/zuma/zylomgamesplayer.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/zuma/oberongamesloader.cab
FF - ProfilePath - d:\documents and settings\HarryPotter\Application Data\Mozilla\Firefox\Profiles\ju8usffo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npicdclient.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: d:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\windows\System32\Rawflow\npicdclient.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 20:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1454471165-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ca,52,88,28,7e,e2,3b,cc,c1,67,08,e3,6d,b8,5d,e5,22,47,8e,7c,29,35,9c,
86,51,fd,e6,50,2f,11,c1,3d,22,1d,33,fe,e1,6f,ed,fb,b7,00,56,74,2d,31,ff,ca,\
"??"=hex:54,91,eb,dd,75,18,da,c3,ed,6e,dd,e8,34,bd,c8,e3

[HKEY_USERS\S-1-5-21-1220945662-1454471165-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,c3,69,56,1c,b0,e8,6b,41,db,1d,8b,81,cd,fc,51,25,e6,ef,5f,57,
78,74,5f,1b,68,99,a9,60,b1,62,26,25,03,65,8f,c7,7b,f1,e4,f9,06,8b,4b,38,83,\
"rkeysecu"=hex:b3,a6,db,3c,87,0c,3e,99,24,5e,0d,1c,06,b7,47,de
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(912)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\Ati2evxx.dll
d:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3368)
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\program files\PC Tools Firewall Plus\FWService.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Lavasoft\Ad-Aware\aawservice.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\windows\System32\dllhost.exe
d:\windows\System32\CTsvcCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Heure de fin: 2009-11-17 21:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-17 20:04
ComboFix2.txt 2009-11-17 18:32

Avant-CF: 15 325 921 280 octets libres
Après-CF: 15 307 210 752 octets libres

- - End Of File - - CD5ABEE38FB5BD0A2C31B6F0455165B7
0
mmmmmmmmm
 
I'm sorry, lol, all of this is a bit of a mess for me!!!
0
mmmmmmmmm
 
UsbFix works now, and this is what I get:

############################## | UsbFix V6.054 |

User : HarryPotter () # DUMBLEDORE
Update on 17/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 21:11:51 | 17/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Sempron(TM) 2500+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | (!) Outdated ]
FW : PC Tools Firewall Plus[ Enabled ]3.0.0

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 17,74 Go (7,59 Go free) # NTFS
D:\ -> Disque fixe local # 58,57 Go (14,29 Go free) [DISQUE LOCA] # FAT32
E:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque amovible # 7,73 Go (1,31 Go free) [M450] # FAT32

############################## | Processus actifs |

D:\WINDOWS\System32\smss.exe 752
D:\WINDOWS\system32\csrss.exe 880
D:\WINDOWS\system32\winlogon.exe 912
D:\WINDOWS\system32\services.exe 956
D:\WINDOWS\system32\lsass.exe 976
D:\WINDOWS\system32\Ati2evxx.exe 1156
D:\WINDOWS\system32\svchost.exe 1188
D:\Program Files\PC Tools Firewall Plus\FWService.exe 1292
D:\WINDOWS\system32\svchost.exe 1360
D:\WINDOWS\system32\svchost.exe 1572
D:\WINDOWS\system32\Ati2evxx.exe 1688
D:\WINDOWS\System32\svchost.exe 1720
D:\WINDOWS\system32\svchost.exe 1892
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1996
D:\Program Files\QuickTime\qttask.exe 1040
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 1216
D:\Program Files\Java\jre6\bin\jusched.exe 1244
D:\WINDOWS\system32\spoolsv.exe 1376
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1400
D:\Program Files\Windows Live\Messenger\msnmsgr.exe 1504
D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe 1540
D:\Program Files\DNA\btdna.exe 1656
D:\Program Files\Avira\AntiVir Desktop\sched.exe 1696
D:\Program Files\Avira\AntiVir Desktop\avguard.exe 592
D:\WINDOWS\System32\dllhost.exe 684
D:\WINDOWS\System32\CTsvcCDA.EXE 840
D:\Program Files\Java\jre6\bin\jqs.exe 2016
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2236
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2384
D:\WINDOWS\System32\svchost.exe 2588
D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 2612
D:\WINDOWS\System32\alg.exe 2264
D:\WINDOWS\system32\svchost.exe 3968
D:\WINDOWS\explorer.exe 3368
D:\WINDOWS\system32\notepad.exe 3352
D:\Program Files\Mozilla Firefox\firefox.exe 3112
D:\WINDOWS\System32\wbem\wmiprvse.exe 340

################## | Fichiers # Dossiers infectieux |

D:\WINDOWS\nigzss.txt

################## | Registre # Clés infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # UsbFix V6.054 ! |
0
Utilisateur anonyme
 
The topic has not been deleted; I think you lost it, because it was someone knowledgeable who had you run CFScript.
0
^^Marie^^ · Member · 126523 posts
 
Good evening,

Please continue in your original thread, and thank you for not changing usernames.
https://forums.commentcamarche.net/forum/affich-15242413-virus

+
0