Bonjour, Je me suis retrouvée sur un site douteux à cause d'un lien stupide hier et depuis mon ordi subit des bug incessants. Tout s'arrête, je ne peux plus rien faire et je suis obligée de l'éteindre pour le rallumer ! Que dois je faire s'il vous plait ?? Mon anti virus Bit defender, n'a pas le temps de finir ses analyses à chaque fois et donc impossible de virer le virus..

bonsoir si la solution mode sans echec echoue fais ceci stp • Télécharge Random's System Information Tool (RSIT) de Random/Random. (outil de diagnostic) http://images.malwareremoval.com/random/RSIT.exe • Enregistre le sur ton Bureau. • Double clique sur RSIT.exe pour lancer l'outil. • Clique sur "Continue" à l'écran Disclaimer. • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence. • Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp Les rapports se trouvent à cet endroit: C:\rsit\info.txt C:\rsit\log.txt

Gros virus !!!!

Réponse 21 / 47

nomdemprunt12 Messages postés 36 Statut Membre

Kill'em by g3n-h@ckm@n 1.2.5.1

User : itech ()
Update on 15/02/2010 by g3n-h@ckm@n ::::: 20.00
Start at: 10:36:56 | 17/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Genuine Intel(R) CPU T1600 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
FW : BitDefender Firewall[ (!) Disabled ]12.0

C:\ -> Disque fixe local | 232,88 Go (126,34 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Bureau\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\itech\Local Settings\Temp\39.tmp\ERUNT.EXE
C:\Documents and Settings\itech\Local Settings\Temp\39.tmp\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\DAEMON Tools Toolbar
Quarantined & Deleted !! : C:\Program Files\FunWebProducts
Quarantined & Deleted !! : C:\WINDOWS\002981_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET29.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Documents and Settings\itech\application data\D2Info3
Quarantined & Deleted !! : C:\Documents and Settings\itech\application data\DofusAppId3_1
Quarantined & Deleted !! : C:\Documents and Settings\itech\Application Data\advantage
Quarantined & Deleted !! : C:\Documents and Settings\itech\Application Data\app
Quarantined & Deleted !! : C:\Documents and Settings\itech\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\itech\Local Settings\Temp\kds.xml
Quarantined & Deleted !! : C:\Documents and Settings\itech\Local Settings\Temp\reg.xml
Quarantined & Deleted !! : C:\Documents and Settings\itech\Local Settings\Temp\VP6.reg
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\AdobeAIRInstaller.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\AutoRun.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\First15.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\MsgPlusUninstall.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\ose00000.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\pacificpokersetup.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\VP6Install.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\wlsetup-cvr.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\_is148.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\_is372.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\_is3D7.exe
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_11c.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_144.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_198.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_1ac.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_1d8.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_220.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_330.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_4d0.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_5bc.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_664.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_690.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_69c.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_6f0.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_718.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_728.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_750.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_754.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_75c.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_8a4.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_920.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_934.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_944.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_ab8.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_afc.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_ccc.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_cf8.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_d28.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_db8.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_dc.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_ddc.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_df8.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_fc.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\report.dat
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\ASco.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\AutoRunGUI.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\CmdLineExt02.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\EReg2HWDetect.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\sfamcc00001.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\sfextra.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\SIntf16.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\SIntf32.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\SIntfNT.dll
Quarantined & Deleted !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\VP6VFW.dll

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKCU\Software\Grand Virtual"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Réponse 22 / 47

nomdemprunt12 Messages postés 36 Statut Membre

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Réponse 23 / 47

nomdemprunt12 Messages postés 36 Statut Membre

et donc là maintenant ??

Dites moi que j'ai finit....

Réponse 24 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

non je vaios pas encore le dire

tu es (et était ) multi infectée...et donc pas mal de manip

1)

pour vérifier la bonne opération de killem

relances le option 1

.................

2)

traces d'infection lop

Téléchargez Lop S&D.exe sur le Bueau

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Certaines infections bloquent les telechargements d' outils de desinfection utilisez ce lien alternatif:
http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

Lop S&D est détecté par certains antivirus : il ne s'agit pas d'un virus (faux positif), mais d'un utilitaire destiné à mettre fin à des processus. Dans le cas d'une alerte de la part de votre antivirus, veuillez désactiver votre antivirus pendant la procédure

* Double-cliquez dessus pour lancer l'installation
* Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau
* Séléctionnez la langue souhaitée, puis choisir l'option 1 (Recherche)
* Patientez jusqu'à la fin du scan
* Postez le rapport généré sur un forum(C:\lopR.txt)

Réponse 25 / 47

nomdemprunt12 Messages postés 36 Statut Membre

d'accord... je fais tout ça ce soir en rentrant !!

je dois y aller..

et après avoir refait l'option 1, je vous renvoies le rapport ou pas ?

Réponse 26 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

oui

les rapports sont mes yeux sur ton pc

avant que tu partes, constates tu une amélioration ?

Réponse 27 / 47

nomdemprunt12 Messages postés 36 Statut Membre

ça marche je ferais tout ça !

bah pas vraiment... je viens d'avoir un bug pas plus tard qu'il y a 5 minutes.. un peu frustrant.. mais je perds pas espoir !

Réponse 28 / 47

nomdemprunt12 Messages postés 36 Statut Membre

List'em by g3n-h@ckm@n 1.2.5.1

User : itech ()
Update on 15/02/2010 by g3n-h@ckm@n ::::: 20.00
Start at: 21:15:24 | 17/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Genuine Intel(R) CPU T1600 @ 1.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
FW : BitDefender Firewall[ (!) Disabled ]12.0

C:\ -> Disque fixe local | 232,88 Go (129,27 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Bureau\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\itech\Local Settings\Temp\3.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
LightScribe Control Panel REG_SZ C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
SoundMAX REG_SZ C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
AccelerometerSysTrayApplet REG_SZ C:\WINDOWS\system32\AccelerometerSt.Exe
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QlbCtrl.exe REG_SZ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Cpqset REG_SZ C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PDF Complete REG_SZ C:\Program Files\PDF Complete\pdfsty.exe
hpWirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WatchDog REG_SZ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Broadcom Wireless Manager UI REG_SZ C:\WINDOWS\system32\WLTRAY.exe
BitDefender Security Center REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe" /init
BDAgent REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
BitDefender Antiphishing Helper REG_SZ "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
Mouse Suite 98 Daemon REG_SZ ICO.EXE
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
[webwiz] REG_SZ "C:\PROGRA~1\_WEBWI~1\WEBWIZ~1.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
NoDriveAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoCDBurning REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ ITECH-B9EADEE94
DefaultUserName REG_SZ itech
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ itech
AltDefaultDomainName REG_SZ ITECH-B9EADEE94
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Simplify Media\SimplifyMedia.exe REG_SZ C:\Program Files\Simplify Media\SimplifyMedia.exe:*:Enabled:Simplify Media
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\GigaTribe\gigatribe.exe REG_SZ C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:GigaTribe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\itech\Local Settings\Temp\3.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

Sources
=======

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
233 Go total, 129 Go libre (55%), 9% fragment‚ (fragmentation du fichier 18%)

Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\Perflib_Perfdata_674.dat
Present !! : C:\Documents and Settings\itech\LOCAL Settings\Temp\catchme.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 21:20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:1d,83,a0,4b,eb,72,6e,ee,90,b8,87,3a,81,a2,04,bd,6d,8d,76,14,96,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,80,6c,d7,7a,57,a9,da,cf,f0,fa,03,74,14,e6,35,d4,d6,..
"hdf12"=hex:7e,c4,e3,8d,2a,48,ff,f1,31,9d,95,93,94,1b,37,ef,3e,4f,42,08,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:74,a2,93,8c,5e,cb,27,b8,b3,2d,ed,5e,13,eb,5a,07,5b,33,04,cb,32,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:fa,2f,72,80,fe,b7,d5,b8,5d,90,19,10,82,03,f8,d5,06,52,51,60,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:1d,83,a0,4b,eb,72,6e,ee,90,b8,87,3a,81,a2,04,bd,6d,8d,76,14,96,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,80,6c,d7,7a,57,a9,da,cf,f0,fa,03,74,14,e6,35,d4,d6,..
"hdf12"=hex:7e,c4,e3,8d,2a,48,ff,f1,31,9d,95,93,94,1b,37,ef,3e,4f,42,08,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:74,a2,93,8c,5e,cb,27,b8,b3,2d,ed,5e,13,eb,5a,07,5b,33,04,cb,32,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:fa,2f,72,80,fe,b7,d5,b8,5d,90,19,10,82,03,f8,d5,06,52,51,60,4c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:1d,83,a0,4b,eb,72,6e,ee,90,b8,87,3a,81,a2,04,bd,6d,8d,76,14,96,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,80,6c,d7,7a,57,a9,da,cf,f0,fa,03,74,14,e6,35,d4,d6,..
"hdf12"=hex:7e,c4,e3,8d,2a,48,ff,f1,31,9d,95,93,94,1b,37,ef,3e,4f,42,08,2f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:74,a2,93,8c,5e,cb,27,b8,b3,2d,ed,5e,13,eb,5a,07,5b,33,04,cb,32,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:fa,2f,72,80,fe,b7,d5,b8,5d,90,19,10,82,03,f8,d5,06,52,51,60,4c,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys spdk.sys >>UNKNOWN [0x8ACA6938]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !

==========
Programs
==========

7-Zip
Adobe
advantage
Ahead
Analog Devices
Audacity
BitDefender
Bonjour
Broadcom
Camgoo
CCleaner
CDBurnerXP
City Interactive
Combined Community Codec Pack
ComPlus Applications
DAEMON Tools Lite
DivX
EA GAMES
Electronic Arts
Fichiers communs
Free Easy Burner
GigaTribe
Google
Hewlett-Packard
Hp
HP Optical USB Mobile Mouse
HP Webcam Application
HPQ
InstallShield Installation Information
Intel
Internet Explorer
InterVideo
Java
JRE
ma-config.com
Marvell
Messenger
Messenger Plus! Live
Microsoft
microsoft frontpage
Microsoft Games
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft WSE
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
MyWebSearch
NetMeeting
Online Services
OpenOffice.org 3
Outlook Express
PacificPoker
PDF Complete
Project64 1.6
Reference Assemblies
Rockstar Games
Roxio
SCM Microsystems
Services en ligne
Skype
SoundSpectrum
SpeedFan
Synaptics
trend micro
Ubisoft
Uninstall Information
uTorrent
VideoLAN
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WorldOfGoo
xerox
Zylom Games

============
Drive C:
============

76501249bd9057dcbf8d203a4369d9
AUTOEXEC.BAT
autorun.inf
bcmwl5.log
boot.ini
Bootfont.bin
chicony.log
CONFIG.SYS
Documents and Settings
esuinst.log
esu_xpsp2.log
HSC.log
httpdwl.dat
Intel
intel_chipset.log
intel_msm.log
IO.SYS
Kill'em
Kill'em.txt
LANG.INI
List'em.txt
mcafee_wl.log
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
orange.bmp
pagefile.sys
pdfco.log
Program Files
RECYCLER
rsit
sedinst2.log
setup.log
sunjava.log
SWSetup
syntpad.log
System Volume Information
SYSTEM.SAV
UsbFix.txt
UsbFix_Upload_Me_ITECH-B9EADEE94.zip
WhiteCap_JMC.dll
WINDOWS

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:36:51,40

Réponse 29 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

ce n'est suffisant...

Attention, avant de commencer, lit attentivement la procédure, et imprime la

Télécharge ComboFix de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\

---> Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(s'il te propose de l'intaller, remets provisoirement internet)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

Réponse 30 / 47

nomdemprunt12 Messages postés 36 Statut Membre

oups avant ça je te file le second scan avec lop S&D

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T1600 @ 1.66GHz )
BIOS : Default System BIOS
USER : itech ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Antivirus 12.0 (Not Activated)
Firewall : BitDefender Firewall 12.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:126 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 17/02/2010|21:43 )

--------------------\\ Listing des dossiers dans APPLIC~1

[13/05/2009|20:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\2DBoy
[20/12/2009|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05/08/2009|13:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[31/03/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[07/10/2009|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canneverbe Limited
[23/06/2009|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[16/01/2010|20:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[14/03/2009|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[16/02/2010|22:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[31/03/2009|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[16/08/2009|21:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[09/02/2010|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/02/2010|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[14/03/2009|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[14/03/2009|15:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
[27/05/2009|18:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[14/03/2009|14:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[16/02/2010|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[14/03/2009|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Uninstall
[27/04/2009|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/04/2009|14:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26/11/2009|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[20/12/2009|11:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[14/03/2009|14:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[15/02/2010|20:49] C:\DOCUME~1\HELPAS~1\APPLIC~1\Adobe
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\advantage
[15/02/2010|20:49] C:\DOCUME~1\HELPAS~1\APPLIC~1\app
[15/02/2010|20:49] C:\DOCUME~1\HELPAS~1\APPLIC~1\BitDefender
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\DAEMON Tools Lite
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\DAEMON Tools Pro
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\DivX
[15/02/2010|20:50] C:\DOCUME~1\HELPAS~1\APPLIC~1\Dofus 2
[15/02/2010|20:50] C:\DOCUME~1\HELPAS~1\APPLIC~1\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\dvdcss
[15/02/2010|20:50] C:\DOCUME~1\HELPAS~1\APPLIC~1\GigaTribe
[15/02/2010|20:50] C:\DOCUME~1\HELPAS~1\APPLIC~1\InstallShield Installation Information
[15/02/2010|20:50] C:\DOCUME~1\HELPAS~1\APPLIC~1\InterVideo
[20/12/2009|11:37] C:\DOCUME~1\HELPAS~1\APPLIC~1\Macromedia
[15/02/2010|20:50] C:\DOCUME~1\HELPAS~1\APPLIC~1\Media Player Classic
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\Microsoft
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\Mozilla
[15/02/2010|21:35] C:\DOCUME~1\HELPAS~1\APPLIC~1\PacificPoker
[15/02/2010|20:52] C:\DOCUME~1\HELPAS~1\APPLIC~1\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[15/02/2010|20:52] C:\DOCUME~1\HELPAS~1\APPLIC~1\Roxio

[20/12/2009|11:37] C:\DOCUME~1\itech\APPLIC~1\Adobe
[31/03/2009|09:36] C:\DOCUME~1\itech\APPLIC~1\BitDefender
[07/10/2009|18:37] C:\DOCUME~1\itech\APPLIC~1\Canneverbe_Limited
[23/06/2009|10:34] C:\DOCUME~1\itech\APPLIC~1\DAEMON Tools Lite
[23/06/2009|10:25] C:\DOCUME~1\itech\APPLIC~1\DAEMON Tools Pro
[29/01/2010|18:54] C:\DOCUME~1\itech\APPLIC~1\DivX
[20/12/2009|13:40] C:\DOCUME~1\itech\APPLIC~1\Dofus 2
[20/12/2009|13:25] C:\DOCUME~1\itech\APPLIC~1\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[31/03/2009|08:32] C:\DOCUME~1\itech\APPLIC~1\Download Manager
[02/02/2010|19:34] C:\DOCUME~1\itech\APPLIC~1\dvdcss
[02/11/2009|20:58] C:\DOCUME~1\itech\APPLIC~1\GigaTribe
[14/03/2009|14:12] C:\DOCUME~1\itech\APPLIC~1\Identities
[14/03/2009|14:27] C:\DOCUME~1\itech\APPLIC~1\InstallShield
[28/12/2009|16:03] C:\DOCUME~1\itech\APPLIC~1\InstallShield Installation Information
[17/06/2009|13:48] C:\DOCUME~1\itech\APPLIC~1\InterVideo
[26/04/2009|20:42] C:\DOCUME~1\itech\APPLIC~1\Macromedia
[26/10/2009|16:55] C:\DOCUME~1\itech\APPLIC~1\Media Player Classic
[17/02/2010|10:15] C:\DOCUME~1\itech\APPLIC~1\Microsoft
[26/04/2009|18:53] C:\DOCUME~1\itech\APPLIC~1\Mozilla
[04/08/2009|21:41] C:\DOCUME~1\itech\APPLIC~1\PacificPoker
[20/12/2009|13:25] C:\DOCUME~1\itech\APPLIC~1\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[17/08/2009|22:52] C:\DOCUME~1\itech\APPLIC~1\Roxio
[28/10/2009|19:43] C:\DOCUME~1\itech\APPLIC~1\Skype
[19/06/2009|23:02] C:\DOCUME~1\itech\APPLIC~1\skypePM
[03/05/2009|20:35] C:\DOCUME~1\itech\APPLIC~1\SoundSpectrum
[14/03/2009|14:44] C:\DOCUME~1\itech\APPLIC~1\Sun
[16/02/2010|18:04] C:\DOCUME~1\itech\APPLIC~1\uTorrent
[28/04/2009|12:19] C:\DOCUME~1\itech\APPLIC~1\vlc
[04/08/2009|22:09] C:\DOCUME~1\itech\APPLIC~1\WinRAR

[14/03/2009|14:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[17/08/2009|22:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio

[14/03/2009|14:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[17/02/2010 21:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[07/06/2009|16:01] C:\Program Files\7-Zip
[14/03/2009|14:45] C:\Program Files\Adobe
[25/06/2009|18:09] C:\Program Files\advantage
[07/10/2009|18:30] C:\Program Files\Ahead
[14/03/2009|14:16] C:\Program Files\Analog Devices
[06/05/2009|17:30] C:\Program Files\Audacity
[31/03/2009|09:01] C:\Program Files\BitDefender
[05/08/2009|13:35] C:\Program Files\Bonjour
[14/03/2009|14:29] C:\Program Files\Broadcom
[22/12/2009|12:22] C:\Program Files\Camgoo
[28/07/2009|17:54] C:\Program Files\CCleaner
[14/01/2010|18:38] C:\Program Files\CDBurnerXP
[16/01/2010|20:50] C:\Program Files\City Interactive
[26/10/2009|16:54] C:\Program Files\Combined Community Codec Pack
[14/03/2009|14:04] C:\Program Files\ComPlus Applications
[24/06/2009|10:31] C:\Program Files\DAEMON Tools Lite
[28/04/2009|15:22] C:\Program Files\DivX
[25/06/2009|16:57] C:\Program Files\EA GAMES
[09/02/2010|21:28] C:\Program Files\Electronic Arts
[20/12/2009|11:37] C:\Program Files\Fichiers communs
[07/10/2009|16:47] C:\Program Files\Free Easy Burner
[22/12/2009|13:51] C:\Program Files\GigaTribe
[06/08/2009|10:31] C:\Program Files\Google
[14/03/2009|15:15] C:\Program Files\Hewlett-Packard
[14/03/2009|14:46] C:\Program Files\Hp
[26/06/2009|12:18] C:\Program Files\HP Optical USB Mobile Mouse
[14/03/2009|14:48] C:\Program Files\HP Webcam Application
[14/03/2009|14:46] C:\Program Files\HPQ
[09/02/2010|21:28] C:\Program Files\InstallShield Installation Information
[14/03/2009|14:26] C:\Program Files\Intel
[16/02/2010|21:23] C:\Program Files\Internet Explorer
[14/03/2009|14:44] C:\Program Files\InterVideo
[13/09/2009|07:57] C:\Program Files\Java
[14/03/2009|14:50] C:\Program Files\JRE
[16/02/2010|22:10] C:\Program Files\ma-config.com
[14/03/2009|14:28] C:\Program Files\Marvell
[16/02/2010|21:26] C:\Program Files\Messenger
[15/02/2010|21:35] C:\Program Files\Messenger Plus! Live
[06/11/2009|20:17] C:\Program Files\Microsoft
[14/03/2009|14:07] C:\Program Files\microsoft frontpage
[12/05/2009|17:25] C:\Program Files\Microsoft Games
[31/03/2009|08:55] C:\Program Files\Microsoft Office
[31/03/2009|08:55] C:\Program Files\Microsoft Visual Studio
[08/11/2009|01:55] C:\Program Files\Microsoft Works
[09/02/2010|21:35] C:\Program Files\Microsoft WSE
[31/03/2009|08:54] C:\Program Files\Microsoft.NET
[16/02/2010|21:23] C:\Program Files\Movie Maker
[17/02/2010|21:40] C:\Program Files\Mozilla Firefox
[15/08/2009|02:04] C:\Program Files\MSBuild
[14/03/2009|14:03] C:\Program Files\MSN
[14/03/2009|14:04] C:\Program Files\MSN Gaming Zone
[27/04/2009|02:01] C:\Program Files\MSXML 4.0
[27/04/2009|02:04] C:\Program Files\MSXML 6.0
[29/08/2009|20:07] C:\Program Files\MyWebSearch
[16/02/2010|21:21] C:\Program Files\NetMeeting
[14/03/2009|14:04] C:\Program Files\Online Services
[14/03/2009|14:50] C:\Program Files\OpenOffice.org 3
[16/02/2010|21:32] C:\Program Files\Outlook Express
[08/07/2009|12:12] C:\Program Files\PacificPoker
[14/03/2009|14:47] C:\Program Files\PDF Complete
[04/11/2009|17:54] C:\Program Files\Project64 1.6
[15/08/2009|02:04] C:\Program Files\Reference Assemblies
[28/12/2009|16:03] C:\Program Files\Rockstar Games
[14/03/2009|14:56] C:\Program Files\Roxio
[14/03/2009|14:27] C:\Program Files\SCM Microsystems
[14/03/2009|14:06] C:\Program Files\Services en ligne
[27/05/2009|18:37] C:\Program Files\Skype
[03/05/2009|20:28] C:\Program Files\SoundSpectrum
[16/02/2010|22:01] C:\Program Files\SpeedFan
[14/03/2009|14:28] C:\Program Files\Synaptics
[16/02/2010|23:00] C:\Program Files\trend micro
[25/10/2009|11:18] C:\Program Files\Ubisoft
[14/03/2009|14:12] C:\Program Files\Uninstall Information
[18/06/2009|19:51] C:\Program Files\uTorrent
[14/03/2009|14:43] C:\Program Files\VideoLAN
[06/11/2009|20:18] C:\Program Files\Windows Live
[27/04/2009|11:22] C:\Program Files\Windows Live SkyDrive
[14/03/2009|15:14] C:\Program Files\Windows Media Connect 2
[16/02/2010|21:21] C:\Program Files\Windows Media Player
[16/02/2010|21:21] C:\Program Files\Windows NT
[14/03/2009|14:06] C:\Program Files\WindowsUpdate
[04/08/2009|22:08] C:\Program Files\WinRAR
[14/05/2009|18:00] C:\Program Files\WorldOfGoo
[14/03/2009|14:07] C:\Program Files\xerox
[26/11/2009|21:39] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[14/03/2009|14:45] C:\Program Files\Fichiers communs\Adobe
[20/12/2009|11:37] C:\Program Files\Fichiers communs\Adobe AIR
[31/03/2009|09:35] C:\Program Files\Fichiers communs\BitDefender
[31/03/2009|08:55] C:\Program Files\Fichiers communs\DESIGNER
[28/04/2009|15:22] C:\Program Files\Fichiers communs\DivX Shared
[14/03/2009|14:28] C:\Program Files\Fichiers communs\InstallShield
[14/03/2009|14:44] C:\Program Files\Fichiers communs\InterVideo
[14/03/2009|15:12] C:\Program Files\Fichiers communs\Java
[14/03/2009|15:10] C:\Program Files\Fichiers communs\LightScribe
[08/11/2009|01:55] C:\Program Files\Fichiers communs\Microsoft Shared
[14/03/2009|14:05] C:\Program Files\Fichiers communs\MSSoap
[14/03/2009|14:57] C:\Program Files\Fichiers communs\ODBC
[14/03/2009|14:54] C:\Program Files\Fichiers communs\Roxio Shared
[14/03/2009|14:05] C:\Program Files\Fichiers communs\Services
[27/05/2009|18:37] C:\Program Files\Fichiers communs\Skype
[14/03/2009|14:27] C:\Program Files\Fichiers communs\SNP2UVC
[14/03/2009|14:56] C:\Program Files\Fichiers communs\Sonic Shared
[14/03/2009|14:57] C:\Program Files\Fichiers communs\SpeechEngines
[14/03/2009|14:51] C:\Program Files\Fichiers communs\SureThing Shared
[16/02/2010|21:21] C:\Program Files\Fichiers communs\System
[27/04/2009|11:14] C:\Program Files\Fichiers communs\Windows Live
[27/04/2009|14:18] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 57 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\itech\LOCALS~1\Temp\STANDARD.WW
C:\DOCUME~1\itech\LOCALS~1\Temp\status.txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 21:45:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 318

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\itech\Mes documents\Mes r‚ceptions GigaTribe\mzelle.marie\Babylon Bombs\2006 - Doin' You Nasty\03-Crack of dawn-1-.mp3

[F:1837][D:156]-> C:\DOCUME~1\itech\LOCALS~1\Temp
[F:29][D:0]-> C:\DOCUME~1\itech\Cookies
[F:11][D:4]-> C:\DOCUME~1\itech\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 17/02/2010|21:47 - Option : [1]

--------------------\\ Fin du rapport a 21:47:26

Réponse 31 / 47

nomdemprunt12 Messages postés 36 Statut Membre

oula alors avant ça j'ai des questions !

je sais pas comme desactiver unantivirus ou un antispyware...

et une console de récupération ? qu'est ce ? et surtout comme faire ça ? le logiciel va me le proposer ?

Réponse 32 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

je ne connais pas bitfender en particulier, mais en règle générale un clic droit sur l'icone et chercher "désactiver ou arrêter protection"
au pire si tu trouves pas laisses le
la console te sera proposée si tu ne l'as pas déjà dans le pc et donc remettre internet juste pour ca

regardes le tutorial qui est joint

Réponse 33 / 47

nomdemprunt12 Messages postés 36 Statut Membre

Promis après ça j'arrete de chouiner !

il y a un risque pour mon ordi ?? c'est dangereux ?

Réponse 34 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

non...en tout cas pas plus que de rester avec un pc qui plante toutes les 5 mns

suis les instruction, installes cette console, et si ta machine n'est pas trop infectée...ca ira

en plus court...t'as pas le choix en fait
(sourire)

Réponse 35 / 47

nomdemprunt12 Messages postés 36 Statut Membre

ok.. mais là j'ai un autre soucis... je viens de lire que pour la console de récup il faut les cd d'installation.. le hic est là je ne les aies pas !

Réponse 36 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

oui d'où l'utilite de remettre internet si il te propose de l'installer car il la téléchargera alors

Réponse 37 / 47

nomdemprunt12 Messages postés 36 Statut Membre

ComboFix 10-02-12.01 - itech 17/02/2010 22:20:45.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3001.2558 [GMT 1:00]
Lancé depuis: c:\documents and settings\itech\Mes documents\Téléchargements\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\020F3B40
c:\program files\MyWebSearch\bar\Cache\020F4C38
c:\program files\MyWebSearch\bar\Cache\020F5715
c:\program files\MyWebSearch\bar\Cache\020F588C.bin
c:\program files\MyWebSearch\bar\Cache\020FA16C.bin
c:\program files\MyWebSearch\bar\Cache\020FA2C4.bin
c:\program files\MyWebSearch\bar\Cache\020FA4D7.bin
c:\program files\MyWebSearch\bar\Cache\020FA67D.bin
c:\program files\MyWebSearch\bar\Cache\02103214.bin
c:\program files\MyWebSearch\bar\Cache\0210357F.bin
c:\program files\MyWebSearch\bar\Cache\02103763.bin
c:\program files\MyWebSearch\bar\Cache\021039E4.bin
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\windows\system32\oem13.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-17 au 2010-02-17 ))))))))))))))))))))))))))))))))))))
.

2010-02-17 20:42 . 2010-02-17 20:47 -------- d-----w- C:\Lop SD
2010-02-17 20:15 . 2010-02-17 20:15 -------- d-----w- C:\Kill'em
2010-02-16 22:32 . 2010-02-16 22:32 537591 ----a-w- C:\UsbFix_Upload_Me_ITECH-B9EADEE94.zip
2010-02-16 22:00 . 2010-02-16 22:00 -------- d-----w- c:\program files\trend micro
2010-02-16 22:00 . 2010-02-16 22:00 -------- d-----w- C:\rsit
2010-02-16 21:10 . 2010-02-16 21:10 -------- d--h--w- c:\windows\PIF
2010-02-16 21:09 . 2010-02-16 21:10 -------- d-----w- c:\program files\ma-config.com
2010-02-16 21:09 . 2010-02-16 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-02-16 20:23 . 2010-02-16 20:23 -------- d-----w- c:\windows\system32\fr-fr
2010-02-16 20:23 . 2010-02-16 20:23 -------- d-----w- c:\windows\system32\fr
2010-02-16 20:23 . 2010-02-16 20:23 -------- d-----w- c:\windows\system32\bits
2010-02-16 20:23 . 2010-02-16 20:23 -------- d-----w- c:\windows\l2schemas
2010-02-16 16:32 . 2010-02-16 21:01 -------- d-----w- c:\program files\SpeedFan
2010-02-15 20:35 . 2010-02-15 20:35 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-15 19:49 . 2010-02-15 20:35 -------- d-----w- c:\documents and settings\HelpAssistant\Modèles
2010-02-15 19:49 . 2010-02-15 20:35 -------- d-s---w- c:\documents and settings\HelpAssistant
2010-02-09 20:35 . 2010-02-09 20:35 10134 ----a-r- c:\documents and settings\itech\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-02-09 20:35 . 2010-02-09 20:35 -------- d-----w- c:\program files\Microsoft WSE
2010-02-09 20:28 . 2010-02-09 20:28 -------- d-----w- c:\program files\Electronic Arts
2010-01-26 18:11 . 2010-02-16 16:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 21:14 . 2009-04-26 21:08 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-17 20:43 . 2006-03-02 11:00 85602 ----a-w- c:\windows\system32\perfc00C.dat
2010-02-17 20:43 . 2006-03-02 11:00 513318 ----a-w- c:\windows\system32\perfh00C.dat
2010-02-17 09:15 . 2009-03-31 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-16 20:38 . 2009-03-14 14:05 88864 ----a-w- c:\documents and settings\itech\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 20:25 . 2009-03-14 13:06 88727 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-16 17:04 . 2009-06-18 18:50 -------- d-----w- c:\documents and settings\itech\Application Data\uTorrent
2010-02-15 20:35 . 2009-04-27 13:25 -------- d-----w- c:\program files\Messenger Plus! Live
2010-02-09 20:28 . 2009-03-14 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 18:34 . 2009-05-16 12:28 -------- d-----w- c:\documents and settings\itech\Application Data\dvdcss
2010-01-29 17:54 . 2009-05-03 13:32 -------- d-----w- c:\documents and settings\itech\Application Data\DivX
2010-01-16 19:52 . 2010-01-16 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-01-16 19:50 . 2010-01-16 19:50 -------- d-----w- c:\program files\City Interactive
2010-01-14 17:38 . 2009-10-07 17:36 -------- d-----w- c:\program files\CDBurnerXP
2009-12-31 16:50 . 2006-03-02 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 15:03 . 2009-12-28 15:03 -------- d-----w- c:\documents and settings\itech\Application Data\InstallShield Installation Information
2009-12-28 15:03 . 2009-12-28 15:03 -------- d-----w- c:\program files\Rockstar Games
2009-12-28 15:02 . 2009-12-28 15:27 344064 ----a-w- c:\documents and settings\itech\Application Data\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\_setup.dll
2009-12-22 12:51 . 2009-06-19 12:13 -------- d-----w- c:\program files\GigaTribe
2009-12-22 11:22 . 2009-09-27 19:02 -------- d-----w- c:\program files\Camgoo
2009-12-22 05:09 . 2006-03-02 11:00 671232 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:08 . 2006-03-02 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 12:40 . 2009-12-20 12:25 -------- d-----w- c:\documents and settings\itech\Application Data\Dofus 2
2009-12-20 12:25 . 2009-12-20 12:25 -------- d-----w- c:\documents and settings\itech\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-20 12:25 . 2009-12-20 12:25 -------- d-----w- c:\documents and settings\itech\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2009-12-20 10:37 . 2009-12-20 10:37 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-12-20 10:37 . 2009-12-20 10:37 38784 ----a-w- c:\documents and settings\itech\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 10:37 . 2009-12-20 10:37 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-17 07:41 . 2009-03-14 13:03 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2006-03-02 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:08 . 2006-03-02 11:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:08 . 2004-08-19 16:04 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-03-02 11:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:13 . 2006-03-02 11:00 1297920 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-19 16:09 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:08 . 2006-03-02 11:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08 . 2006-03-02 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08 . 2006-03-02 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:08 . 2004-08-19 16:09 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08 . 2001-08-23 17:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 15:58 . 2006-03-02 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-06-23 09:26 . 2009-06-23 09:26 227696 ----a-w- c:\program files\mozilla firefox\components\AdVComponent.dll
2009-11-16 18:13 . 2009-04-26 19:34 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2006-03-02 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2006-03-02 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2006-03-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2006-03-02 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\kbdclass.sys
[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2006-03-02 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\kbdclass.sys
[-] 2004-08-19 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2006-03-02 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB912436$\ndis.sys
[-] 2006-01-10 . AA898F84D2B59129FB92E143A2C73434 . 182528 . . [5.1.2600.2824] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2006-03-02 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2006-03-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2006-03-02 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\tcpip.sys
[-] 2006-03-02 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\browser.dll
[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2006-03-02 . 75AC49029966BFFEA09F96C1C194F684 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\lsass.exe
[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2006-03-02 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\netman.dll
[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2006-03-02 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll

[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\qmgr.dll
[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2006-03-02 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . BA1EF616F55210820F6462D033088497 . 401408 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\rpcss.dll
[-] 2006-03-02 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll

[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 51A24094F076961A7FF73E5F7E991D68 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\services.exe
[-] 2006-03-02 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\spoolsv.exe
[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2006-03-02 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\winlogon.exe
[-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2006-03-02 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\comctl32.dll
[-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2006-03-02 . 7D3AA1F0E765054CB5F30114F2DB6888 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\cryptsvc.dll
[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2006-03-02 . CD73133EB24C572019944001FAD1B8D9 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:31 . A5B1B7C76134329AA7547F6E6DA35410 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\es.dll
[-] 2006-03-02 11:00 . FDE7FBE9CC9DD9484DF3E0241737C091 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll

[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\imm32.dll
[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2006-03-02 . E55DAFA1A354BD5CB69151563DC9748A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . 534040750B9E70B156A98F5D0E8F6D2A . 1051136 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 2087E2764822A8D93A4CA7FA0FED35E8 . 1054208 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\kernel32.dll
[-] 2006-03-02 . C88F74591579DBDE273C61312B2D3886 . 1048576 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll

[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\linkinfo.dll
[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2006-03-02 . 6C411ABBEEF0CA1D991F8A8F449D2B5F . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\lpk.dll
[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2006-03-02 . 3236A6A1650E6C055FD5E87D7C4A05AD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\msvcrt.dll
[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2006-03-02 . B89F48FDFD6C3312B92D5D633C23F075 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\mswsock.dll
[-] 2006-03-02 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2009-02-06 . ECD7791E0E9246CA5F218A19F3911EB9 . 408064 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\netlogon.dll
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2006-03-02 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB968389_0$\netlogon.dll

[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\powrprof.dll
[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2006-03-02 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\scecli.dll
[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2006-03-02 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfc.dll
[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2006-03-02 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\svchost.exe
[-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2006-03-02 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\tapisrv.dll
[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2006-03-02 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\user32.dll
[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2006-03-02 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\userinit.exe
[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2006-03-02 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ws2_32.dll
[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2006-03-02 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\explorer.exe
[-] 2006-03-02 . 2A7BD330924252A2FD80344FC949BB72 . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2006-03-02 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB888402$\srsvc.dll
[-] 2004-11-17 . A4DEA3ABD4F94C841C9441627931BA28 . 171520 . . [5.1.2600.2567] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\wscntfy.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2006-03-02 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\xmlprov.dll
[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2006-03-02 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\eventlog.dll
[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2006-03-02 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfcfiles.dll
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2006-03-02 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2006-03-02 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\shsvcs.dll
[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-03-02 . ABA25E49F6589FD73F1143FDC39A6B46 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\regsvc.dll
[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2006-03-02 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\schedsvc.dll
[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2006-03-02 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ssdpsrv.dll
[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2006-03-02 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\termsrv.dll
[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2006-03-02 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\appmgmts.dll
[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2006-03-02 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2006-03-02 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2006-03-02 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\mfc40u.dll
[-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-03-02 11:00 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\msgsvc.dll
[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2006-03-02 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2006-03-02 11:00 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntmssvc.dll
[-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2006-03-02 11:00 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\upnphost.dll
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2006-03-02 . 0B6A726C2DE9BBB80A48459F0C318F44 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-03-14 1871872]
"BitDefender Security Center"="c:\program files\BitDefender\BitDefender 2009\seccenter.exe" [2009-11-16 442368]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-26 69632]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\itech\Menu D‚marrer\Programmes\D‚marrage\
GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2009-6-19 4227584]

c:\documents and settings\itech\Menu D‚marrer\Programmes\D‚marrage\
GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2009-6-19 4227584]

c:\documents and settings\itech\Menu D‚marrer\Programmes\D‚marrage\
GigaTribe.lnk - c:\program files\GigaTribe\gigatribe.exe [2009-6-19 4227584]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-3-14 197904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2871:TCP"= 2871:TCP:Services
"2479:TCP"= 2479:TCP:Services

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [14/03/2009 14:16 24064]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 12:07 82696]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [14/03/2009 14:47 576024]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [30/06/2008 09:41 111112]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/06/2009 10:22 721904]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 12:06 118784]
S3 avshws;YouUp Simulated Hardware;c:\windows\system32\drivers\youup.sys [27/04/2009 15:57 57472]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [17/07/2008 10:44 104456]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [14/03/2009 14:29 193840]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26/01/2010 17:45 243056]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Fichiers communs\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [21/06/2007 04:40 56448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 192.168.30.10:80
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {8F5F244D-B13C-490E-BFA9-38C8F467B911} = 192.168.30.10
FF - ProfilePath - c:\documents and settings\itech\Application Data\Mozilla\Firefox\Profiles\u4gnfwo3.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm353YYFR&fl=0&ptb=DlCN6fxBn4NpjwyFk6x43A&url=https://hp.mywebsearch.com/mywebsearch/index.html
FF - component: c:\program files\Mozilla Firefox\components\AdVComponent.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-[webwiz] - c:\progra~1\_WEBWI~1\WEBWIZ~1.EXE
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-advantage_DAEM - c:\documents and settings\itech\Application Data\advantage\AdVUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 22:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AD1BFD8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf735dcb8
\Driver\iaStor -> iaStor.sys @ 0xf726e78c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Réseau local Broadcom 802.11b/g -> SendCompleteHandler -> 0x86674330
PacketIndicateHandler -> NDIS.sys @ 0xf7152a21
SendHandler -> NDIS.sys @ 0xf713087b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\System32\BCMLogon.dll
.
Heure de fin: 2010-02-17 22:28:03
ComboFix-quarantined-files.txt 2010-02-17 21:28

Avant-CF: 135 647 502 336 octets libres
Après-CF: 137 185 775 616 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - EB15D04CE5BDC91AC574EDD1FC70A649

Réponse 38 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

ok

tu es encore vivante ?

bon tout ce qui est dans le rapport dans la rubrique ------- Sigcheck ------- est source d'ennui
il me faut uin peu de temps pour y voir clair sur ca

de plus une infection mbr à priori traité

on va le vérifier

/!\ Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme/!\
* Télécharge mbr.exe de Gmer ici : http://www2.gmer.net/mbr/mbr.exe et enregistre le fichier sur le Bureau.
* Merci à Malekal pour le tutoriel
* Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
* Double clique sur mbr.exe
* Un rapport sera généré : mbr.log
* En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.
* Pour supprimer le rootkit aller dans le menu Démarrer=> Exécuter et tapez la commande en gras:
"%userprofile%\Bureau\mbr" -f
* (veuillez à bien respecter les guillemets)
* Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"
* Réactive tes protections .Poste ce rapport et supprime le ensuite.

o Pour vérifier désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
o Relance mbr.exe
o Réactive tes protections.
o Le nouveau mbr.log devrait être celui-ci :
o Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
o device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Réponse 39 / 47

nomdemprunt12 Messages postés 36 Statut Membre

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

c'est ça le rapport ?

Réponse 40 / 47

moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274

oui c'est bon

deux questions:

- constates tu une amélioration du comportement du pc ?
- ton windows est il maison car combofix ne reconnait pas l'ensemble des fichiers énumérés apres Sigcheck, et en théorie, il faudrait tous les vérifier (un par un ) sur un antivirus en ligne....et là, y a du boulot !

Gros virus !!!!

47 réponses

Votre réponse

Discussions similaires

Newsletters