PC infected by a trojan downloader. Lost.
typhon30
g!rly - Posts: 18462 - Status: Contributor
Hello everyone,
My PC has been badly battered by various viruses, trojans (downloader) and dialers.
I used a2 free and avast. But there is still quite a lot left. I don't know how to do anything other than use software to get rid of it. Can someone help me?
Thanks in advance.
I am copy-pasting the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43, on 2007-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\msimn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WinAble\winable.exe
C:\PROGRA~1\COMMON~1\WNSXS~1\nslookup.exe
C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp3.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msimn.exe] C:\WINDOWS\msimn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Acus] "C:\PROGRA~1\COMMON~1\WNSXS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109001892015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Outlook Express\profsywu.html
--
End of file - 9645 bytes
37 replies
Hi,
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Hello g!rly, thank you so much for helping me. So here is what combofix gives.
ComboFix 07-11-19.4 - Isabelle 2007-11-28 12:45:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.149 [GMT 1:00]
Running from: C:\Documents and Settings\Isabelle\Bureau\ComboFix.exe
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Isabelle\Application Data\HbTools_Icons
C:\Documents and Settings\Isabelle\Application Data\HbTools_Icons\meetic.ico
C:\Documents and Settings\Isabelle\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\Isabelle\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\Isabelle\Application Data\hidires
C:\Documents and Settings\Isabelle\Application Data\SSTEM3~1
C:\Documents and Settings\Isabelle\Application Data\STEM~1
C:\Documents and Settings\Isabelle\Application Data\STEM~1\logonui.exe
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
C:\Program Files\Outlook Express\profsywu.html
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\setup.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\exefld
C:\WINDOWS\system32\wcpsvcc32.exe
C:\WINDOWS\system32\wintems.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\m_hook
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.
2007-11-28 12:06 <REP> C:\WINDOWS\LastGood.Tmp
2007-11-28 12:06 44,690 --a------ C:\d8e9w3l6u1g1.exe
2007-11-28 08:33 <REP> d-------- C:\Program Files\Trend Micro
2007-11-28 08:29 812,344 --a------ C:\Program Files\HijackThisInstall.exe
2007-11-28 08:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-27 21:36 <REP> d-------- C:\Program Files\a-squared Free
2007-11-27 21:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-27 21:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 21:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 21:10 <REP> d-------- C:\Program Files\Alwil Software
2007-11-27 21:10 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-27 21:10 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-27 21:10 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-27 21:10 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-27 21:10 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-27 17:15 547,980 --a------ C:\WINDOWS\party_jpg.zip
2007-11-27 17:15 547,840 -r-hs---- C:\WINDOWS\msimn.exe
2007-11-26 07:10 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Le Monde diplomatique
2007-11-26 07:09 <REP> d-------- C:\Program Files\LeMondediplomatique
2007-11-22 19:13 <REP> d-------- C:\Program Files\PDFCreator Toolbar
2007-11-22 19:13 <REP> d-------- C:\Program Files\PDFCreator
2007-11-22 19:13 264,097 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2156.exe
2007-11-22 19:13 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-11-22 19:13 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-11-22 19:13 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
2007-11-22 19:13 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-11-20 14:08 <REP> d-------- C:\Program Files\AvantGo
2007-11-20 14:08 111,376 --a------ C:\WINDOWS\system32\expat.dll
2007-11-20 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-20 11:22 <REP> d-------- C:\Program Files\IVT Corporation
2007-11-20 11:04 <REP> d-------- C:\Program Files\Lavalys
2007-11-19 14:08 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Leadertech
2007-11-19 13:53 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-11-19 13:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-11-19 13:52 <REP> d-------- C:\Program Files\Documents To Go
2007-11-19 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-11-19 13:47 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-11-19 13:42 <REP> d-------- C:\Program Files\Palm
2007-11-19 13:38 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\HotSync
2007-11-18 10:50 217,088 --a------ C:\Program Files\uninstaller.exe
2007-11-17 02:53 35,840 --a------ C:\WINDOWS\mrofinu1148.exe
2007-11-16 18:13 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
2007-11-15 17:55 <REP> d-------- C:\Program Files\HotPotatoes6
2007-11-15 07:30 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\OpenOffice.org2
2007-11-15 07:27 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-15 07:19 <REP> d-------- C:\Program Files\readmes
2007-11-15 07:19 <REP> d-------- C:\Program Files\licenses
2007-11-02 22:09 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Media Player Classic
2007-11-02 13:25 <REP> d-------- C:\Program Files\Atari
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 08:52 39,520 ----a-w C:\Documents and Settings\Isabelle\Application Data\wklnhst.dat
2007-11-27 20:02 --------- d-----w C:\Program Files\eMule
2007-11-21 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:46 --------- d-----w C:\Program Files\Logitech
2007-11-21 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Anoto
2007-11-19 12:38 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-11-18 09:49 --------- d-----w C:\Program Files\Phonmap
2007-11-18 08:42 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-18 08:33 --------- d-----w C:\Program Files\Dialang
2007-11-18 07:40 --------- d-----w C:\Program Files\Common Files
2007-11-15 19:09 --------- d-----w C:\Program Files\Audacity
2007-11-15 06:22 --------- d-----w C:\Program Files\Java
2007-11-06 05:53 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-03 08:00 --------- d-----w C:\Program Files\Google
2007-11-02 21:08 --------- d-----w C:\Program Files\Kazaa Lite K++
2007-10-18 17:27 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-16 09:55 --------- d-----w C:\Documents and Settings\Isabelle\Application Data\Vision Objects
2007-10-16 09:42 --------- d-----w C:\Documents and Settings\Isabelle\Application Data\Anoto
2007-10-16 09:35 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-10-11 07:35 --------- d-----w C:\Program Files\Recovery for Word
2007-10-11 07:31 1,254,424 ----a-w C:\Program Files\wrdemo.exe
2007-10-11 07:22 --------- d-----w C:\Program Files\Ontrack
2007-10-11 07:20 36,205,940 ----a-w C:\Program Files\easyrecovery.exe
2007-10-11 06:33 --------- d-----w C:\Program Files\DivX
2007-10-02 07:05 621,181 ----a-w C:\Program Files\Phonmap5Setup.exe
2007-10-01 20:15 496,376 ----a-w C:\Program Files\ie6setup.exe
2007-10-01 20:13 14,826,288 ----a-w C:\Program Files\IE7-WindowsXP-x86-fra.exe
2007-10-01 20:12 884,096 ----a-w C:\Program Files\WGAPluginInstall.exe
2007-09-29 22:43 219,952 ----a-w C:\Program Files\utorrent.exe
2007-09-29 11:38 1,314,136 ----a-w C:\Program Files\DivXPlayer.exe
2007-09-24 20:40 0 ----a-w C:\state.dat
2007-09-21 07:50 24,536,608 ----a-w C:\Program Files\AdbeRdr810_fr_FR.exe
2007-09-18 19:26 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-18 19:24 176,872 ----a-w C:\Program Files\instala-emule.exe
2007-09-16 11:53 5,832,400 ----a-w C:\Program Files\Firefox Setup 2.0.0.6.exe
2007-09-13 18:55 10,589,013 ----a-w C:\Program Files\vbplayer6_0_1_0_fre_1.exe
2007-09-11 18:30 73,480 ----a-w C:\Documents and Settings\Isabelle\Application Data\GDIPFONTCACHEV1.DAT
2007-09-10 20:04 67,185,957 ----a-w C:\Program Files\openofficeorg3.cab
2007-09-10 20:04 3,393,494 ----a-w C:\Program Files\openofficeorg4.cab
2007-09-10 19:55 19,165,163 ----a-w C:\Program Files\openofficeorg1.cab
2007-09-10 19:55 17,641,046 ----a-w C:\Program Files\openofficeorg2.cab
2007-09-10 19:53 4,368,384 ----a-w C:\Program Files\openofficeorg23.msi
2007-09-10 19:53 217 ----a-w C:\Program Files\setup.ini
2007-09-09 07:42 18,164,640 ----a-w C:\Program Files\aaw2007.exe
2007-09-07 08:02 5,170,176 ----a-w C:\Program Files\WindowsDefender.msi
2007-09-05 16:20 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-09-02 21:59 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2007-08-30 20:49 319,488 ----a-w C:\Program Files\setup.exe
2007-07-16 14:03 66,047 ----a-w C:\Program Files\laval.doc
2007-06-26 19:35 34,658,095 ----a-w C:\Program Files\NVE3content.exe
2007-06-26 19:34 22,396,022 ----a-w C:\Program Files\NVE2content.exe
2007-06-04 04:28 2,789,618 ----a-w C:\Program Files\eMule0.48a.zip
2007-06-02 12:27 3,116,521 ----a-w C:\Program Files\dialang.exe
2007-06-02 12:26 16,992,339 ----a-w C:\Program Files\sun_jre_installer.exe
2007-06-01 19:37 824,728 ----a-w C:\Program Files\Google_Updater.exe
2007-05-30 18:30 16,840,120 ----a-w C:\Program Files\IE7Setup_G_FR.exe
2007-05-29 19:17 1,127,307 ----a-w C:\Program Files\wrar362fr.exe
2007-05-24 11:21 10,834 ----a-w C:\Program Files\index.xhtml
2007-05-24 11:07 2,691,493 ----a-w C:\Program Files\nl_setup.exe
2007-05-12 07:00 58,313,550 ----a-w C:\Program Files\nortonsystemworks.exe
2007-05-08 06:52 466,680 ----a-w C:\Program Files\dsc00570-h.djvu
2007-05-05 11:12 28,547,568 ----a-w C:\Program Files\FileFormatConverters.exe
2007-04-20 19:24 9,357,092 ----a-w C:\Program Files\vlc-0.8.6b-win32.exe
2007-04-05 06:42 5,819,944 ----a-w C:\Program Files\Firefox Setup 2.0.0.3.exe
2007-03-30 17:18 10,147,620 ----a-w C:\Program Files\QuicktracksInstaller3027.exe
2007-03-30 17:12 5,554,688 ----a-w C:\Program Files\SmartSound Quicktracks Plugin.msi
2007-03-23 14:51 124,309,192 ----a-w C:\Program Files\RagTime_6.0.1(1601)web.zip
2007-03-02 17:44 1,126,115 ----a-w C:\Program Files\EB2install.exe
2007-02-19 15:12 4,277,864 ----a-w C:\Program Files\wz100fev.exe
2006-12-20 20:48 1,282,759 ----a-w C:\Program Files\motherboard_monitor_motherboard_monitor_5.3.7.0_francais_9626.exe
2006-11-26 15:04 1,025,896 ----a-w C:\Program Files\spamfighter_web.exe
2006-10-29 06:37 354,122 ----a-w C:\Program Files\thedancer.exe
2006-10-26 11:01 1,924,156 ----a-w C:\Program Files\SyncBack_Setup_FR.zip
2006-10-26 07:37 3,096,728 ----a-w C:\Program Files\aisbackup.exe
2006-10-25 20:46 96,061 ----a-w C:\Program Files\TutorielFileZilla.sxw
2006-10-21 08:16 4,055,034 ----a-w C:\Program Files\ohmiNotes_PC.zip
2006-10-21 07:43 10,492,602 ----a-w C:\Program Files\InstallPersoNotes.exe
2006-10-20 20:20 0 ----a-w C:\Documents and Settings\Isabelle\iphist.dat
2006-10-20 20:16 8,589,078 ----a-w C:\Program Files\instprof10.exe
2006-10-15 14:56 4,402,056 ----a-w C:\Program Files\ASDsetup.exe
2006-10-04 19:30 36,656,704 ----a-w C:\Program Files\iTunesSetup.exe
2006-09-25 17:44 5,057,248 ----a-w C:\Program Files\MediaMonkey_Setup_2_5_4.exe
2006-07-10 17:32 128,828 ----a-w C:\Program Files\Win98SE_C130.zip
2006-07-10 17:09 794,702 ----a-w C:\Program Files\UStorageWin98Driver2.0.exe
2006-06-29 11:17 3,489,238 ----a-w C:\Program Files\FileZilla_2_2_25_setup.exe
2006-06-26 20:45 4,789,792 ----a-w C:\Program Files\picasa2-current.exe
2006-02-03 08:12 611,272 ----a-w C:\Program Files\kazaa_setup.exe
2006-02-03 08:01 2,803,665 ----a-w C:\Program Files\klitekpp243f.exe
2006-02-03 07:44 4,677,596 ----a-w C:\Program Files\eMule0.47a-Installer.exe
2005-10-31 16:40 11,768,792 ----a-w C:\Program Files\GoogleEarthSetup.exe
2005-10-26 14:44 1,219,016 ----a-w C:\Program Files\Install.exe
2005-09-18 09:08 164,579 ----a-w C:\Program Files\GoogleVideoUploaderInstaller.exe
2005-09-07 13:36 226,584 ----a-w C:\Program Files\jre-1_5_0_04-windows-i586-p-iftw.exe
2005-09-03 14:55 2,541,831 ----a-w C:\Program Files\SetupCloneCD5261.exe
2005-09-03 14:43 4,577,316 ----a-w C:\Program Files\eMule0.46c-Installer.exe
2005-09-02 19:47 7,048,808 ----a-w C:\Program Files\pf600016.exe
2005-09-02 18:01 2,538,733 ----a-w C:\Program Files\winzip9_vnu.exe
2005-08-04 20:11 350,817 -c--a-w C:\Program Files\aaw-lang-pack.exe
2005-08-04 20:09 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-06-28 04:29 13,450,424 ------w C:\Program Files\kav5.0trial_personalfr.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08ADC37-10DC-3F27-8F58-3EE6728303B0}]
C:\WINDOWS\system32\pwik.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 15:38]
"LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-01-24 08:55]
"german.exe"="C:\WINDOWS\system32\wintems.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 06:54]
"Acus"="C:\PROGRA~1\COMMON~1\WNSXS~1\nslookup.exe" [2007-11-18 08:40]
"Krki"="C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-01-17 11:12 C:\WINDOWS\AGRSMMSG.exe]
"KTPWare"="C:\Program Files\Elantech\ktp3.exe" [2004-11-17 14:38]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-19 06:05]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-04-11 22:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"msimn.exe"="C:\WINDOWS\msimn.exe" [2007-11-27 17:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:ffffff9d
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabelle^Menu Démarrer^Programmes^Démarrage^WKCALREM.LNK]
path=C:\Documents and Settings\Isabelle\Menu Démarrer\Programmes\Démarrage\WKCALREM.LNK
backup=C:\WINDOWS\pss\WKCALREM.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-04-11 22:49 127118 --------- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 Ktp3;Elantech TouchPad(KTP3);C:\WINDOWS\system32\DRIVERS\Ktp3.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{191dcc7d-8d31-11d9-8009-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22611b3c-8ea3-11dc-8cfe-000c76f734e6}]
\Shell\AutoRun\command - G:\start.exe
\Shell\iledefrance\command - G:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2f1c00-8cb7-11d9-bf82-0011091f4734}]
\Shell\AutoRun\command - D:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-28 11:54:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 12:52:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-28 12:55:30 - machine was rebooted
.
--- E O F ---
Please post a HijackThis log.
Download HijackThis here:
-> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html
Installation tutorial (images):
-> http://pchelpbordeaux.free.fr/tuto.html
Usage tutorial (video):
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Please post the generated report here...
Here is the result:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:46, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Elantech\ktp3.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\msimn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Isabelle\LOCALS~1\Temp\Rar$EX00.843\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp3.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msimn.exe] C:\WINDOWS\msimn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Acus] "C:\PROGRA~1\COMMON~1\WNSXS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109001892015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
Hi again,
Go to this site and have these files analyzed: you upload them by clicking Browse
C:\WINDOWS\system32\wintems.exe
C:\PROGRA~1\COMMON~1\WNSXS~1\nslookup.exe
C:\Documents and Settings\Isabelle\Application Data\??stemlogonui.exe"
the site:
https://www.virustotal.com/gui/
and post the reports here please
PS: if you can't find them, do this:
you can look for them with Windows Search
and if you really can't find them
Show all files and folders:
To do that:
Click Start / Control Panel / Folder Options / View
Check "show hidden folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Uncheck "hide extensions for known file types"
Then click "OK" to confirm the changes.
And Apply
See you
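A defender-side triage pass over the `O4` autorun lines of the HijackThis log posted above, as an added example that is not part of the thread: it flags Run entries whose target carries a Windows system-binary name outside its usual folder, whose path contains `?`, or whose value name names a different executable than its target. The three rules, the `EXPECTED_DIR` table and all function names are assumptions of this example; the thread does not say how the files to upload were chosen.

```python
import ntpath
import re

# O4 autorun lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [Acus] "C:\PROGRA~1\COMMON~1\WNSXS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumption of this example: usual folder of some Windows XP binaries
# on a system installed in C:\WINDOWS (as the log's paths indicate).
EXPECTED_DIR = {
    "nslookup.exe": r"c:\windows\system32",
    "logonui.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable at the start of the command line: quoted, or unquoted up to the
# first executable extension followed by whitespace or end of line (unquoted
# paths may contain spaces, so splitting on the first space would be wrong).
EXE_PATH = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$))',
    re.IGNORECASE,
)


def parse_run_entries(log_text):
    """Return one dict (hive, name, path) per O4 registry Run line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Startup folder items)
        p = EXE_PATH.match(m.group("cmd"))
        if not p:
            continue  # command line without a recognisable executable
        entries.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "path": p.group("q") or p.group("u"),
        })
    return entries


def triage(entry):
    """Return the list of reasons an entry deserves a closer look."""
    reasons = []
    path = entry["path"]
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()

    # Rule 1: a system binary name running from an unusual folder.
    expected = EXPECTED_DIR.get(base)
    if expected and folder and folder != expected:
        reasons.append("system binary name outside " + expected)

    # Rule 2: '?' cannot be a literal character in a Windows path, so in a
    # log it stands for characters that could not be rendered.
    if "?" in path:
        reasons.append("path contains characters the log could not render")

    # Rule 3: the value name looks like an executable, but a different one.
    name = entry["name"].lower()
    if name.endswith(".exe") and name != base:
        reasons.append("value name %r differs from target %r" % (entry["name"], base))
    return reasons


def flag_suspicious(log_text):
    """Map each flagged executable path to its list of reasons."""
    flagged = {}
    for entry in parse_run_entries(log_text):
        reasons = triage(entry)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_suspicious(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

An entry that passes these rules is not thereby shown to be clean; the pass only narrows down which files to submit for scanning first.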
Hi G!rly!
Here are the procedures.
For the WINTEMS file, here is what I get. It doesn't send anything. In fact it's a file under quarantine in the qoobox folder.
0 bytes size received /
For the rest, here is the result.
LOGONUI.EXE
Fichier logonui.exe reçu le 2007.11.28 16:40:55 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.28.1 2007.11.28 -
AntiVir 7.6.0.34 2007.11.28 -
Authentium 4.93.8 2007.11.28 -
Avast 4.7.1074.0 2007.11.27 -
AVG 7.5.0.503 2007.11.28 -
BitDefender 7.2 2007.11.28 -
CAT-QuickHeal 9.00 2007.11.27 -
ClamAV 0.91.2 2007.11.28 -
DrWeb 4.44.0.09170 2007.11.28 -
eSafe 7.0.15.0 2007.11.28 -
eTrust-Vet 31.3.5333 2007.11.28 -
Ewido 4.0 2007.11.28 -
FileAdvisor 1 2007.11.28 -
Fortinet 3.14.0.0 2007.11.28 -
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.28 -
Ikarus T3.1.1.12 2007.11.28 -
Kaspersky 7.0.0.125 2007.11.28 -
McAfee 5172 2007.11.27 -
Microsoft 1.3007 2007.11.28 -
NOD32v2 2691 2007.11.28 -
Norman 5.80.02 2007.11.28 -
Panda 9.0.0.4 2007.11.26 -
Prevx1 V2 2007.11.28 -
Rising 20.20.21.00 2007.11.28 -
Sophos 4.23.0 2007.11.28 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.28 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.27 -
VirusBuster 4.3.26:9 2007.11.28 -
Webwasher-Gateway 6.0.1 2007.11.28 -
Information additionnelle
File size: 515584 bytes
MD5: 064fdfd20a1df642d36cde1393d44651
SHA1: f2be261744930f75392d238498ebccf542d9a745
NSLOOKUP.EXE
Fichier nslookup.exe reçu le 2007.11.28 16:34:32 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.28.1 2007.11.28 -
AntiVir 7.6.0.34 2007.11.28 -
Authentium 4.93.8 2007.11.28 -
Avast 4.7.1074.0 2007.11.27 -
AVG 7.5.0.503 2007.11.28 -
BitDefender 7.2 2007.11.28 -
CAT-QuickHeal 9.00 2007.11.27 -
ClamAV 0.91.2 2007.11.28 -
DrWeb 4.44.0.09170 2007.11.28 -
eSafe 7.0.15.0 2007.11.28 -
eTrust-Vet 31.3.5333 2007.11.28 -
Ewido 4.0 2007.11.28 -
FileAdvisor 1 2007.11.28 -
Fortinet 3.14.0.0 2007.11.28 -
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.28 -
Ikarus T3.1.1.12 2007.11.28 -
Kaspersky 7.0.0.125 2007.11.28 -
McAfee 5172 2007.11.27 -
Microsoft 1.3007 2007.11.28 -
NOD32v2 2691 2007.11.28 -
Norman 5.80.02 2007.11.28 -
Panda 9.0.0.4 2007.11.26 -
Prevx1 V2 2007.11.28 -
Rising 20.20.21.00 2007.11.28 -
Sophos 4.23.0 2007.11.28 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.28 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.27 -
VirusBuster 4.3.26:9 2007.11.28 -
Webwasher-Gateway 6.0.1 2007.11.28 -
Information additionnelle
File size: 79360 bytes
MD5: 758bced6b825fd1794b0aac205fe7c73
SHA1: 690677e33612ecb55745ce2bc1b0b364a7784e53
Here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:47, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\msimn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\d8e9w3l6u1g1.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Isabelle\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe
C:\DOCUME~1\Isabelle\LOCALS~1\Temp\Rar$EX16.984\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp3.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msimn.exe] C:\WINDOWS\msimn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109001892015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:47, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\msimn.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\d8e9w3l6u1g1.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Isabelle\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe
C:\DOCUME~1\Isabelle\LOCALS~1\Temp\Rar$EX16.984\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp3.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [msimn.exe] C:\WINDOWS\msimn.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109001892015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
Hi again,
Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so, and you only need to press a key to start the cleanup
Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to complete the operations. In that case, simply restart the computer in normal mode
- The report will be saved in the same folder as MSNFix, with a name of the form date_time.txt
See you,
G!rly, here is the report.
I have to leave now, and I will be able to pick this up again late tonight and tomorrow. In the meantime, thank you. I look forward to hearing from you.
MSNFix 1.593
C:\Documents and Settings\Isabelle\Bureau\MSNFix
Fix exécuté le 28/11/2007 - 19:32:12.44 By Isabelle
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\d8e9w3l6u1g1.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
... C:\WINDOWS\msimn.exe
... C:\WINDOWS\system32\ban_list.txt
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\party_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\party_jpg.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Carlson\
... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
/!\ ... C:\d8e9w3l6u1g1.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
/!\ ... C:\WINDOWS\msimn.exe
.. OK ... C:\WINDOWS\system32\ban_list.txt
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\1148.exe
/!\ ... C:\d8e9w3l6u1g1.exe
.. OK ... C:\WINDOWS\party_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP\
.. OK ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\d8e9w3l6u1g1.exe
.. OK ... C:\WINDOWS\msimn.exe
.. OK ... C:\d8e9w3l6u1g1.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Isabelle\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28112007_193810.39.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
ComboFix 07-11-19.4 - Isabelle 2007-11-28 23:14:19.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]
Running from: C:\Documents and Settings\Isabelle\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:27 <REP> d-------- C:\Program Files\iTunes
2007-11-28 20:27 <REP> d-------- C:\Program Files\iPod
2007-11-28 20:23 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-11-28 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-28 08:33 <REP> d-------- C:\Program Files\Trend Micro
2007-11-28 08:29 812,344 --a------ C:\Program Files\HijackThisInstall.exe
2007-11-28 08:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-27 21:36 <REP> d-------- C:\Program Files\a-squared Free
2007-11-27 21:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-27 21:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 21:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 21:10 <REP> d-------- C:\Program Files\Alwil Software
2007-11-27 21:10 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-27 21:10 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-27 21:10 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-27 21:10 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-27 21:10 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-26 07:10 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Le Monde diplomatique
2007-11-26 07:09 <REP> d-------- C:\Program Files\LeMondediplomatique
2007-11-22 19:13 <REP> d-------- C:\Program Files\PDFCreator Toolbar
2007-11-22 19:13 <REP> d-------- C:\Program Files\PDFCreator
2007-11-22 19:13 264,097 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2156.exe
2007-11-22 19:13 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-11-22 19:13 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-11-22 19:13 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
2007-11-22 19:13 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-11-20 14:08 <REP> d-------- C:\Program Files\AvantGo
2007-11-20 14:08 111,376 --a------ C:\WINDOWS\system32\expat.dll
2007-11-20 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-20 11:22 <REP> d-------- C:\Program Files\IVT Corporation
2007-11-20 11:04 <REP> d-------- C:\Program Files\Lavalys
2007-11-19 14:08 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Leadertech
2007-11-19 13:53 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-11-19 13:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-11-19 13:52 <REP> d-------- C:\Program Files\Documents To Go
2007-11-19 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-11-19 13:47 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-11-19 13:42 <REP> d-------- C:\Program Files\Palm
2007-11-19 13:38 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\HotSync
2007-11-18 10:50 217,088 --a------ C:\Program Files\uninstaller.exe
2007-11-15 17:55 <REP> d-------- C:\Program Files\HotPotatoes6
2007-11-15 07:30 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\OpenOffice.org2
2007-11-15 07:27 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-15 07:19 <REP> d-------- C:\Program Files\readmes
2007-11-15 07:19 <REP> d-------- C:\Program Files\licenses
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-02 22:09 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Media Player Classic
2007-11-02 13:25 <REP> d-------- C:\Program Files\Atari
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 19:26 --------- d-----w C:\Program Files\QuickTime
2007-11-28 19:24 --------- d-----w C:\Program Files\Apple Software Update
2007-11-28 18:32 39,538 ----a-w C:\Documents and Settings\Isabelle\Application Data\wklnhst.dat
2007-11-28 15:14 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-27 20:02 --------- d-----w C:\Program Files\eMule
2007-11-21 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:46 --------- d-----w C:\Program Files\Logitech
2007-11-21 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Anoto
2007-11-19 12:38 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-11-18 09:49 --------- d-----w C:\Program Files\Phonmap
2007-11-18 08:42 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-18 08:33 --------- d-----w C:\Program Files\Dialang
2007-11-18 07:40 --------- d-----w C:\Program Files\Common Files
2007-11-15 19:09 --------- d-----w C:\Program Files\Audacity
2007-11-15 06:22 --------- d-----w C:\Program Files\Java
2007-11-06 05:53 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-03 08:00 --------- d-----w C:\Program Files\Google
2007-11-02 21:08 --------- d-----w C:\Program Files\Kazaa Lite K++
2007-10-18 17:27 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-16 09:55 --------- d-----w C:\Documents and Settings\Isabelle\Application Data\Vision Objects
2007-10-16 09:42 --------- d-----w C:\Documents and Settings\Isabelle\Application Data\Anoto
2007-10-16 09:35 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-10-11 07:35 --------- d-----w C:\Program Files\Recovery for Word
2007-10-11 07:31 1,254,424 ----a-w C:\Program Files\wrdemo.exe
2007-10-11 07:22 --------- d-----w C:\Program Files\Ontrack
2007-10-11 07:20 36,205,940 ----a-w C:\Program Files\easyrecovery.exe
2007-10-11 06:33 --------- d-----w C:\Program Files\DivX
2007-10-02 07:05 621,181 ----a-w C:\Program Files\Phonmap5Setup.exe
2007-10-01 20:15 496,376 ----a-w C:\Program Files\ie6setup.exe
2007-10-01 20:13 14,826,288 ----a-w C:\Program Files\IE7-WindowsXP-x86-fra.exe
2007-10-01 20:12 884,096 ----a-w C:\Program Files\WGAPluginInstall.exe
2007-09-29 22:43 219,952 ----a-w C:\Program Files\utorrent.exe
2007-09-29 11:38 1,314,136 ----a-w C:\Program Files\DivXPlayer.exe
2007-09-24 20:40 0 ----a-w C:\state.dat
2007-09-21 07:50 24,536,608 ----a-w C:\Program Files\AdbeRdr810_fr_FR.exe
2007-09-18 19:26 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-18 19:24 176,872 ----a-w C:\Program Files\instala-emule.exe
2007-09-16 11:53 5,832,400 ----a-w C:\Program Files\Firefox Setup 2.0.0.6.exe
2007-09-13 18:55 10,589,013 ----a-w C:\Program Files\vbplayer6_0_1_0_fre_1.exe
2007-09-11 18:30 73,480 ----a-w C:\Documents and Settings\Isabelle\Application Data\GDIPFONTCACHEV1.DAT
2007-09-10 20:04 67,185,957 ----a-w C:\Program Files\openofficeorg3.cab
2007-09-10 20:04 3,393,494 ----a-w C:\Program Files\openofficeorg4.cab
2007-09-10 19:55 19,165,163 ----a-w C:\Program Files\openofficeorg1.cab
2007-09-10 19:55 17,641,046 ----a-w C:\Program Files\openofficeorg2.cab
2007-09-10 19:53 4,368,384 ----a-w C:\Program Files\openofficeorg23.msi
2007-09-10 19:53 217 ----a-w C:\Program Files\setup.ini
2007-09-09 07:42 18,164,640 ----a-w C:\Program Files\aaw2007.exe
2007-09-07 08:02 5,170,176 ----a-w C:\Program Files\WindowsDefender.msi
2007-09-05 16:20 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-09-02 21:59 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2007-08-30 20:49 319,488 ----a-w C:\Program Files\setup.exe
2007-07-16 14:03 66,047 ----a-w C:\Program Files\laval.doc
2007-06-26 19:35 34,658,095 ----a-w C:\Program Files\NVE3content.exe
2007-06-26 19:34 22,396,022 ----a-w C:\Program Files\NVE2content.exe
2007-06-04 04:28 2,789,618 ----a-w C:\Program Files\eMule0.48a.zip
2007-06-02 12:27 3,116,521 ----a-w C:\Program Files\dialang.exe
2007-06-02 12:26 16,992,339 ----a-w C:\Program Files\sun_jre_installer.exe
2007-06-01 19:37 824,728 ----a-w C:\Program Files\Google_Updater.exe
2007-05-30 18:30 16,840,120 ----a-w C:\Program Files\IE7Setup_G_FR.exe
2007-05-29 19:17 1,127,307 ----a-w C:\Program Files\wrar362fr.exe
2007-05-24 11:21 10,834 ----a-w C:\Program Files\index.xhtml
2007-05-24 11:07 2,691,493 ----a-w C:\Program Files\nl_setup.exe
2007-05-12 07:00 58,313,550 ----a-w C:\Program Files\nortonsystemworks.exe
2007-05-08 06:52 466,680 ----a-w C:\Program Files\dsc00570-h.djvu
2007-05-05 11:12 28,547,568 ----a-w C:\Program Files\FileFormatConverters.exe
2007-04-20 19:24 9,357,092 ----a-w C:\Program Files\vlc-0.8.6b-win32.exe
2007-04-05 06:42 5,819,944 ----a-w C:\Program Files\Firefox Setup 2.0.0.3.exe
2007-03-30 17:18 10,147,620 ----a-w C:\Program Files\QuicktracksInstaller3027.exe
2007-03-30 17:12 5,554,688 ----a-w C:\Program Files\SmartSound Quicktracks Plugin.msi
2007-03-23 14:51 124,309,192 ----a-w C:\Program Files\RagTime_6.0.1(1601)web.zip
2007-03-02 17:44 1,126,115 ----a-w C:\Program Files\EB2install.exe
2007-02-19 15:12 4,277,864 ----a-w C:\Program Files\wz100fev.exe
2006-12-20 20:48 1,282,759 ----a-w C:\Program Files\motherboard_monitor_motherboard_monitor_5.3.7.0_francais_9626.exe
2006-11-26 15:04 1,025,896 ----a-w C:\Program Files\spamfighter_web.exe
2006-10-29 06:37 354,122 ----a-w C:\Program Files\thedancer.exe
2006-10-26 11:01 1,924,156 ----a-w C:\Program Files\SyncBack_Setup_FR.zip
2006-10-26 07:37 3,096,728 ----a-w C:\Program Files\aisbackup.exe
2006-10-25 20:46 96,061 ----a-w C:\Program Files\TutorielFileZilla.sxw
2006-10-21 08:16 4,055,034 ----a-w C:\Program Files\ohmiNotes_PC.zip
2006-10-21 07:43 10,492,602 ----a-w C:\Program Files\InstallPersoNotes.exe
2006-10-20 20:20 0 ----a-w C:\Documents and Settings\Isabelle\iphist.dat
2006-10-20 20:16 8,589,078 ----a-w C:\Program Files\instprof10.exe
2006-10-15 14:56 4,402,056 ----a-w C:\Program Files\ASDsetup.exe
2006-10-04 19:30 36,656,704 ----a-w C:\Program Files\iTunesSetup.exe
2006-09-25 17:44 5,057,248 ----a-w C:\Program Files\MediaMonkey_Setup_2_5_4.exe
2006-07-10 17:32 128,828 ----a-w C:\Program Files\Win98SE_C130.zip
2006-07-10 17:09 794,702 ----a-w C:\Program Files\UStorageWin98Driver2.0.exe
2006-06-29 11:17 3,489,238 ----a-w C:\Program Files\FileZilla_2_2_25_setup.exe
2006-06-26 20:45 4,789,792 ----a-w C:\Program Files\picasa2-current.exe
2006-02-03 08:12 611,272 ----a-w C:\Program Files\kazaa_setup.exe
2006-02-03 08:01 2,803,665 ----a-w C:\Program Files\klitekpp243f.exe
2006-02-03 07:44 4,677,596 ----a-w C:\Program Files\eMule0.47a-Installer.exe
2005-10-31 16:40 11,768,792 ----a-w C:\Program Files\GoogleEarthSetup.exe
2005-10-26 14:44 1,219,016 ----a-w C:\Program Files\Install.exe
2005-09-18 09:08 164,579 ----a-w C:\Program Files\GoogleVideoUploaderInstaller.exe
2005-09-07 13:36 226,584 ----a-w C:\Program Files\jre-1_5_0_04-windows-i586-p-iftw.exe
2005-09-03 14:55 2,541,831 ----a-w C:\Program Files\SetupCloneCD5261.exe
2005-09-03 14:43 4,577,316 ----a-w C:\Program Files\eMule0.46c-Installer.exe
2005-09-02 19:47 7,048,808 ----a-w C:\Program Files\pf600016.exe
2005-09-02 18:01 2,538,733 ----a-w C:\Program Files\winzip9_vnu.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-28_12.54.29.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-21 17:29:14 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-11-28 13:04:39 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-02-21 17:18:47 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-11-28 13:04:41 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-11-28 13:04:53 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_08f02213\CustomMarshalers.dll
+ 2007-11-28 13:05:17 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a860fc9d\mscorlib.dll
+ 2007-11-28 13:05:11 1,466,368 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c90a4a30\System.Design.dll
+ 2007-11-28 13:04:55 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b9b1a37e\System.Drawing.Design.dll
+ 2007-11-28 13:05:13 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2968eb72\System.Drawing.dll
+ 2007-11-28 13:05:01 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c730bbfb\System.Windows.Forms.dll
+ 2007-11-28 13:05:06 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_00342553\System.Xml.dll
+ 2007-11-28 13:04:52 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a98be9c3\System.dll
- 2004-08-05 12:00:00 1,036,288 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
+ 2007-11-28 19:27:57 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2007-11-28 19:24:11 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2007-11-28 13:03:19 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 20:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 00:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 20:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 19:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 19:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 19:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 23:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 19:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 19:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 19:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 19:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 19:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 15:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 15:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_PerfCounter.dll
- 2004-07-15 13:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 20:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 05:20:12 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 20:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-02-19 15:04:09 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 12:57:25 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-02-19 15:04:09 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 12:57:25 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-02-19 15:04:09 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 12:57:26 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-02-19 15:04:09 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 12:57:25 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-02-19 15:04:09 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 12:57:25 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-02-19 15:04:09 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 12:57:26 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-11-08 05:07:30 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:13:53 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2007-02-19 15:04:09 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-22 12:57:26 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-02-19 15:04:10 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-22 12:57:26 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-05 12:00:00 1,036,288 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-02-19 15:04:10 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-22 12:57:26 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-11-28 11:52:30 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
+ 2007-11-28 15:14:24 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
- 2007-03-08 15:37:50 281,600 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2007-06-19 13:32:25 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-02-19 09:01:28 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-02-19 15:04:10 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-22 12:57:26 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-11-08 05:07:30 679,424 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:17:23 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-02-19 15:04:10 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-22 12:57:26 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-02-19 15:04:10 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-22 12:57:26 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-07-05 10:56:38 1,049,088 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2007-02-19 15:04:11 3,077,632 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-22 12:57:28 3,085,824 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-02-19 15:04:11 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-22 12:57:28 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-11-08 05:07:30 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:13:54 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2007-02-19 15:04:11 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-22 12:57:28 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-02-19 15:04:11 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-22 12:57:28 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-09-13 05:03:06 1,084,416 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-05 12:00:00 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-05-17 11:29:50 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-02-19 15:04:11 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-22 12:57:28 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-05 12:00:00 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:22:35 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2007-02-19 15:04:12 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 12:57:29 1,498,624 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:49:47 8,509,952 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:25 8,516,608 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-02-19 15:04:12 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 12:57:30 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-11-28 11:52:31 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2004-08-05 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
- 2007-02-19 15:04:13 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-22 12:57:30 620,032 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-19 18:09:33 852,480 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-11-08 05:07:30 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:13:55 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2006-11-08 05:07:30 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:13:55 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2007-02-19 15:04:13 663,040 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-22 12:57:30 669,696 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-04-29 04:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 07:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2007-10-31 13:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-02-19 15:04:09 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 12:57:26 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-02-19 15:04:10 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 12:57:26 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-02-19 15:04:10 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 12:57:26 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:32:25 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2006-10-03 18:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-02-19 15:04:10 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 12:57:26 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-11-08 05:07:30 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-02-19 15:04:10 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 12:57:26 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-02-19 15:04:10 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 12:57:26 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-07-05 10:56:38 1,049,088 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2004-08-05 12:00:00 17,920 ----a-w C:\WINDOWS\system32\Microsoft\tftp.exe
- 2007-04-27 20:45:12 14,970,328 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-01 23:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-07-14 23:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 11:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2007-02-19 15:04:11 3,077,632 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 12:57:28 3,085,824 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-02-19 15:04:11 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 12:57:28 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-02-19 15:04:11 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 12:57:28 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-02-19 15:04:11 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 12:57:28 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-09-13 05:03:06 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-11-04 13:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 14:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2006-12-22 12:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2004-08-05 12:00:00 553,472 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-05-17 11:29:50 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
- 2007-11-28 11:49:27 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-28 13:01:17 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-28 11:49:27 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-11-28 13:01:17 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-11-28 11:49:27 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-28 13:01:17 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-28 11:49:27 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-11-28 13:01:17 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-02-19 15:04:11 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 12:57:28 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-05 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-05 12:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2007-02-19 15:04:12 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 12:57:29 1,498,624 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:49:47 8,509,952 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-02-19 15:04:12 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 12:57:30 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-14 08:53:58 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-06 14:43:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-11-28 11:52:31 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
+ 2004-08-05 12:00:00 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
- 2007-01-29 08:58:06 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-02-19 15:04:13 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 12:57:30 620,032 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-02-19 15:04:13 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 12:57:30 669,696 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-04-29 04:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 07:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-03-09 11:51:20 265,216 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-11-28 22:07:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
+ 2007-05-08 14:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08ADC37-10DC-3F27-8F58-3EE6728303B0}]
C:\WINDOWS\system32\pwik.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 15:38]
"LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-01-24 08:55]
"german.exe"="C:\WINDOWS\system32\wintems.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 06:54]
"Krki"="C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-01-17 11:12 C:\WINDOWS\AGRSMMSG.exe]
"KTPWare"="C:\Program Files\Elantech\ktp3.exe" [2004-11-17 14:38]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-19 06:05]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-04-11 22:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
C:\Documents and Settings\Isabelle\Menu Démarrer\Programmes\Démarrage\
Palm Registration.lnk - C:\Program Files\Palm\register.exe [2005-08-08 12:36:14]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-15 17:47:10]
DataViz Inc Messenger.lnk - C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-11-19 13:53:43]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 06:54:30]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabelle^Menu Démarrer^Programmes^Démarrage^WKCALREM.LNK]
path=C:\Documents and Settings\Isabelle\Menu Démarrer\Programmes\Démarrage\WKCALREM.LNK
backup=C:\WINDOWS\pss\WKCALREM.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-04-11 22:49 127118 --------- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 Ktp3;Elantech TouchPad(KTP3);C:\WINDOWS\system32\DRIVERS\Ktp3.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{191dcc7d-8d31-11d9-8009-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22611b3c-8ea3-11dc-8cfe-000c76f734e6}]
\Shell\AutoRun\command - G:\start.exe
\Shell\iledefrance\command - G:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2f1c00-8cb7-11d9-bf82-0011091f4734}]
\Shell\AutoRun\command - D:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-28 22:10:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 23:17:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-28 23:19:01
C:\ComboFix2.txt ... 2007-11-28 12:55
.
--- E O F ---
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]
Running from: C:\Documents and Settings\Isabelle\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:27 <REP> d-------- C:\Program Files\iTunes
2007-11-28 20:27 <REP> d-------- C:\Program Files\iPod
2007-11-28 20:23 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-11-28 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-28 08:33 <REP> d-------- C:\Program Files\Trend Micro
2007-11-28 08:29 812,344 --a------ C:\Program Files\HijackThisInstall.exe
2007-11-28 08:16 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-27 21:36 <REP> d-------- C:\Program Files\a-squared Free
2007-11-27 21:11 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-27 21:11 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-27 21:11 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-27 21:10 <REP> d-------- C:\Program Files\Alwil Software
2007-11-27 21:10 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-27 21:10 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-27 21:10 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-27 21:10 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-27 21:10 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-26 07:10 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Le Monde diplomatique
2007-11-26 07:09 <REP> d-------- C:\Program Files\LeMondediplomatique
2007-11-22 19:13 <REP> d-------- C:\Program Files\PDFCreator Toolbar
2007-11-22 19:13 <REP> d-------- C:\Program Files\PDFCreator
2007-11-22 19:13 264,097 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2156.exe
2007-11-22 19:13 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-11-22 19:13 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-11-22 19:13 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
2007-11-22 19:13 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-11-20 14:08 <REP> d-------- C:\Program Files\AvantGo
2007-11-20 14:08 111,376 --a------ C:\WINDOWS\system32\expat.dll
2007-11-20 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-20 11:22 <REP> d-------- C:\Program Files\IVT Corporation
2007-11-20 11:04 <REP> d-------- C:\Program Files\Lavalys
2007-11-19 14:08 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Leadertech
2007-11-19 13:53 <REP> d-------- C:\Program Files\Fichiers communs\DataViz
2007-11-19 13:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DataViz
2007-11-19 13:52 <REP> d-------- C:\Program Files\Documents To Go
2007-11-19 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2007-11-19 13:47 53,248 --a------ C:\WINDOWS\PalmDevC.dll
2007-11-19 13:42 <REP> d-------- C:\Program Files\Palm
2007-11-19 13:38 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\HotSync
2007-11-18 10:50 217,088 --a------ C:\Program Files\uninstaller.exe
2007-11-15 17:55 <REP> d-------- C:\Program Files\HotPotatoes6
2007-11-15 07:30 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\OpenOffice.org2
2007-11-15 07:27 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-15 07:19 <REP> d-------- C:\Program Files\readmes
2007-11-15 07:19 <REP> d-------- C:\Program Files\licenses
2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-02 22:09 <REP> d-------- C:\Documents and Settings\Isabelle\Application Data\Media Player Classic
2007-11-02 13:25 <REP> d-------- C:\Program Files\Atari
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 19:26 --------- d-----w C:\Program Files\QuickTime
2007-11-28 19:24 --------- d-----w C:\Program Files\Apple Software Update
2007-11-28 18:32 39,538 ----a-w C:\Documents and Settings\Isabelle\Application Data\wklnhst.dat
2007-11-28 15:14 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-27 20:02 --------- d-----w C:\Program Files\eMule
2007-11-21 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:46 --------- d-----w C:\Program Files\Logitech
2007-11-21 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Anoto
2007-11-19 12:38 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-11-18 09:49 --------- d-----w C:\Program Files\Phonmap
2007-11-18 08:42 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-18 08:33 --------- d-----w C:\Program Files\Dialang
2007-11-18 07:40 --------- d-----w C:\Program Files\Common Files
2007-11-15 19:09 --------- d-----w C:\Program Files\Audacity
2007-11-15 06:22 --------- d-----w C:\Program Files\Java
2007-11-06 05:53 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-03 08:00 --------- d-----w C:\Program Files\Google
2007-11-02 21:08 --------- d-----w C:\Program Files\Kazaa Lite K++
2007-10-18 17:27 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-16 09:55 --------- d-----w C:\Documents and Settings\Isabelle\Application Data\Vision Objects
2007-10-16 09:42 --------- d-----w C:\Documents and Settings\Isabelle\Application Data\Anoto
2007-10-16 09:35 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-10-11 07:35 --------- d-----w C:\Program Files\Recovery for Word
2007-10-11 07:31 1,254,424 ----a-w C:\Program Files\wrdemo.exe
2007-10-11 07:22 --------- d-----w C:\Program Files\Ontrack
2007-10-11 07:20 36,205,940 ----a-w C:\Program Files\easyrecovery.exe
2007-10-11 06:33 --------- d-----w C:\Program Files\DivX
2007-10-02 07:05 621,181 ----a-w C:\Program Files\Phonmap5Setup.exe
2007-10-01 20:15 496,376 ----a-w C:\Program Files\ie6setup.exe
2007-10-01 20:13 14,826,288 ----a-w C:\Program Files\IE7-WindowsXP-x86-fra.exe
2007-10-01 20:12 884,096 ----a-w C:\Program Files\WGAPluginInstall.exe
2007-09-29 22:43 219,952 ----a-w C:\Program Files\utorrent.exe
2007-09-29 11:38 1,314,136 ----a-w C:\Program Files\DivXPlayer.exe
2007-09-24 20:40 0 ----a-w C:\state.dat
2007-09-21 07:50 24,536,608 ----a-w C:\Program Files\AdbeRdr810_fr_FR.exe
2007-09-18 19:26 3,858,985 ----a-w C:\Program Files\eMule0.48a-Installer.exe
2007-09-18 19:24 176,872 ----a-w C:\Program Files\instala-emule.exe
2007-09-16 11:53 5,832,400 ----a-w C:\Program Files\Firefox Setup 2.0.0.6.exe
2007-09-13 18:55 10,589,013 ----a-w C:\Program Files\vbplayer6_0_1_0_fre_1.exe
2007-09-11 18:30 73,480 ----a-w C:\Documents and Settings\Isabelle\Application Data\GDIPFONTCACHEV1.DAT
2007-09-10 20:04 67,185,957 ----a-w C:\Program Files\openofficeorg3.cab
2007-09-10 20:04 3,393,494 ----a-w C:\Program Files\openofficeorg4.cab
2007-09-10 19:55 19,165,163 ----a-w C:\Program Files\openofficeorg1.cab
2007-09-10 19:55 17,641,046 ----a-w C:\Program Files\openofficeorg2.cab
2007-09-10 19:53 4,368,384 ----a-w C:\Program Files\openofficeorg23.msi
2007-09-10 19:53 217 ----a-w C:\Program Files\setup.ini
2007-09-09 07:42 18,164,640 ----a-w C:\Program Files\aaw2007.exe
2007-09-07 08:02 5,170,176 ----a-w C:\Program Files\WindowsDefender.msi
2007-09-05 16:20 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-09-02 21:59 17,929,072 ----a-w C:\Program Files\Install_Messenger.exe
2007-08-30 20:49 319,488 ----a-w C:\Program Files\setup.exe
2007-07-16 14:03 66,047 ----a-w C:\Program Files\laval.doc
2007-06-26 19:35 34,658,095 ----a-w C:\Program Files\NVE3content.exe
2007-06-26 19:34 22,396,022 ----a-w C:\Program Files\NVE2content.exe
2007-06-04 04:28 2,789,618 ----a-w C:\Program Files\eMule0.48a.zip
2007-06-02 12:27 3,116,521 ----a-w C:\Program Files\dialang.exe
2007-06-02 12:26 16,992,339 ----a-w C:\Program Files\sun_jre_installer.exe
2007-06-01 19:37 824,728 ----a-w C:\Program Files\Google_Updater.exe
2007-05-30 18:30 16,840,120 ----a-w C:\Program Files\IE7Setup_G_FR.exe
2007-05-29 19:17 1,127,307 ----a-w C:\Program Files\wrar362fr.exe
2007-05-24 11:21 10,834 ----a-w C:\Program Files\index.xhtml
2007-05-24 11:07 2,691,493 ----a-w C:\Program Files\nl_setup.exe
2007-05-12 07:00 58,313,550 ----a-w C:\Program Files\nortonsystemworks.exe
2007-05-08 06:52 466,680 ----a-w C:\Program Files\dsc00570-h.djvu
2007-05-05 11:12 28,547,568 ----a-w C:\Program Files\FileFormatConverters.exe
2007-04-20 19:24 9,357,092 ----a-w C:\Program Files\vlc-0.8.6b-win32.exe
2007-04-05 06:42 5,819,944 ----a-w C:\Program Files\Firefox Setup 2.0.0.3.exe
2007-03-30 17:18 10,147,620 ----a-w C:\Program Files\QuicktracksInstaller3027.exe
2007-03-30 17:12 5,554,688 ----a-w C:\Program Files\SmartSound Quicktracks Plugin.msi
2007-03-23 14:51 124,309,192 ----a-w C:\Program Files\RagTime_6.0.1(1601)web.zip
2007-03-02 17:44 1,126,115 ----a-w C:\Program Files\EB2install.exe
2007-02-19 15:12 4,277,864 ----a-w C:\Program Files\wz100fev.exe
2006-12-20 20:48 1,282,759 ----a-w C:\Program Files\motherboard_monitor_motherboard_monitor_5.3.7.0_francais_9626.exe
2006-11-26 15:04 1,025,896 ----a-w C:\Program Files\spamfighter_web.exe
2006-10-29 06:37 354,122 ----a-w C:\Program Files\thedancer.exe
2006-10-26 11:01 1,924,156 ----a-w C:\Program Files\SyncBack_Setup_FR.zip
2006-10-26 07:37 3,096,728 ----a-w C:\Program Files\aisbackup.exe
2006-10-25 20:46 96,061 ----a-w C:\Program Files\TutorielFileZilla.sxw
2006-10-21 08:16 4,055,034 ----a-w C:\Program Files\ohmiNotes_PC.zip
2006-10-21 07:43 10,492,602 ----a-w C:\Program Files\InstallPersoNotes.exe
2006-10-20 20:20 0 ----a-w C:\Documents and Settings\Isabelle\iphist.dat
2006-10-20 20:16 8,589,078 ----a-w C:\Program Files\instprof10.exe
2006-10-15 14:56 4,402,056 ----a-w C:\Program Files\ASDsetup.exe
2006-10-04 19:30 36,656,704 ----a-w C:\Program Files\iTunesSetup.exe
2006-09-25 17:44 5,057,248 ----a-w C:\Program Files\MediaMonkey_Setup_2_5_4.exe
2006-07-10 17:32 128,828 ----a-w C:\Program Files\Win98SE_C130.zip
2006-07-10 17:09 794,702 ----a-w C:\Program Files\UStorageWin98Driver2.0.exe
2006-06-29 11:17 3,489,238 ----a-w C:\Program Files\FileZilla_2_2_25_setup.exe
2006-06-26 20:45 4,789,792 ----a-w C:\Program Files\picasa2-current.exe
2006-02-03 08:12 611,272 ----a-w C:\Program Files\kazaa_setup.exe
2006-02-03 08:01 2,803,665 ----a-w C:\Program Files\klitekpp243f.exe
2006-02-03 07:44 4,677,596 ----a-w C:\Program Files\eMule0.47a-Installer.exe
2005-10-31 16:40 11,768,792 ----a-w C:\Program Files\GoogleEarthSetup.exe
2005-10-26 14:44 1,219,016 ----a-w C:\Program Files\Install.exe
2005-09-18 09:08 164,579 ----a-w C:\Program Files\GoogleVideoUploaderInstaller.exe
2005-09-07 13:36 226,584 ----a-w C:\Program Files\jre-1_5_0_04-windows-i586-p-iftw.exe
2005-09-03 14:55 2,541,831 ----a-w C:\Program Files\SetupCloneCD5261.exe
2005-09-03 14:43 4,577,316 ----a-w C:\Program Files\eMule0.46c-Installer.exe
2005-09-02 19:47 7,048,808 ----a-w C:\Program Files\pf600016.exe
2005-09-02 18:01 2,538,733 ----a-w C:\Program Files\winzip9_vnu.exe
.
((((((((((((((((((((((((((((( snapshot@2007-11-28_12.54.29.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-21 17:29:14 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-11-28 13:04:39 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-02-21 17:18:47 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-11-28 13:04:41 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2007-11-28 13:04:53 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_08f02213\CustomMarshalers.dll
+ 2007-11-28 13:05:17 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a860fc9d\mscorlib.dll
+ 2007-11-28 13:05:11 1,466,368 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_c90a4a30\System.Design.dll
+ 2007-11-28 13:04:55 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_b9b1a37e\System.Drawing.Design.dll
+ 2007-11-28 13:05:13 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2968eb72\System.Drawing.dll
+ 2007-11-28 13:05:01 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c730bbfb\System.Windows.Forms.dll
+ 2007-11-28 13:05:06 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_00342553\System.Xml.dll
+ 2007-11-28 13:04:52 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_a98be9c3\System.dll
- 2004-08-05 12:00:00 1,036,288 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 ----a-w C:\WINDOWS\explorer.exe
+ 2007-11-28 19:27:57 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2007-11-28 19:24:11 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2007-11-28 13:03:19 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 20:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 00:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 20:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 19:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 19:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 19:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 23:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 19:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 19:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 19:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 19:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 19:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 15:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 15:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1724\_PerfCounter.dll
- 2004-07-15 13:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 20:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 05:20:12 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 20:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-02-19 15:04:09 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 12:57:25 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-02-19 15:04:09 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 12:57:25 152,064 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-02-19 15:04:09 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 12:57:26 1,056,768 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-02-19 15:04:09 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 12:57:25 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-02-19 15:04:09 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 12:57:25 152,064 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-02-19 15:04:09 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 12:57:26 1,056,768 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-11-08 05:07:30 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:13:53 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2007-02-19 15:04:09 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-22 12:57:26 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-02-19 15:04:10 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-22 12:57:26 205,824 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-05 12:00:00 1,036,288 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 13:22:28 1,037,312 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-02-19 15:04:10 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-22 12:57:26 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-11-28 11:52:30 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
+ 2007-11-28 15:14:24 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
- 2007-03-08 15:37:50 281,600 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2007-06-19 13:32:25 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-02-19 09:01:28 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-02-19 15:04:10 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-22 12:57:26 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-11-08 05:07:30 679,424 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:17:23 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-02-19 15:04:10 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-22 12:57:26 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-02-19 15:04:10 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-22 12:57:26 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-07-05 10:56:38 1,049,088 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2007-02-19 15:04:11 3,077,632 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-22 12:57:28 3,085,824 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-02-19 15:04:11 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-22 12:57:28 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-11-08 05:07:30 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:13:54 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2007-02-19 15:04:11 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-22 12:57:28 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-02-19 15:04:11 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-22 12:57:28 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-09-13 05:03:06 1,084,416 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-05 12:00:00 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-05-17 11:29:50 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-02-19 15:04:11 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-22 12:57:28 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-05 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-05 12:00:00 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:22:35 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2007-02-19 15:04:12 1,495,040 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 12:57:29 1,498,624 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:49:47 8,509,952 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:25 8,516,608 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-02-19 15:04:12 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 12:57:30 474,624 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2007-11-28 11:52:31 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2004-08-05 12:00:00 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
- 2007-02-19 15:04:13 617,472 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-22 12:57:30 620,032 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-12-19 18:09:33 852,480 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-11-08 05:07:30 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:13:55 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2006-11-08 05:07:30 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:13:55 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
- 2007-02-19 15:04:13 663,040 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-22 12:57:30 669,696 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-04-29 04:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 07:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-09-19 13:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2007-10-31 13:09:14 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-02-19 15:04:09 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 12:57:26 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-02-19 15:04:10 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 12:57:26 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-02-19 15:04:10 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 12:57:26 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:32:25 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2006-10-03 18:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
- 2007-02-19 15:04:10 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 12:57:26 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-11-08 05:07:30 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:17:23 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-02-19 15:04:10 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 12:57:26 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-02-19 15:04:10 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 12:57:26 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-07-05 10:56:38 1,049,088 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2004-08-05 12:00:00 17,920 ----a-w C:\WINDOWS\system32\Microsoft\tftp.exe
- 2007-04-27 20:45:12 14,970,328 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-01 23:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-07-14 23:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 11:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2007-02-19 15:04:11 3,077,632 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 12:57:28 3,085,824 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-02-19 15:04:11 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 12:57:28 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-02-19 15:04:11 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 12:57:28 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-02-19 15:04:11 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 12:57:28 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-09-13 05:03:06 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-11-04 13:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 14:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2006-12-22 12:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2004-08-05 12:00:00 553,472 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-05-17 11:29:50 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
- 2007-11-28 11:49:27 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-28 13:01:17 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-28 11:49:27 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-11-28 13:01:17 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-11-28 11:49:27 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-28 13:01:17 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-28 11:49:27 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-11-28 13:01:17 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2007-02-19 15:04:11 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 12:57:28 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-05 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:46 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-05 12:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2007-02-19 15:04:12 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 12:57:29 1,498,624 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:49:47 8,509,952 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:25 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-02-19 15:04:12 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 12:57:30 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-12-14 08:53:58 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-09-06 14:43:30 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-11-28 11:52:31 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
+ 2004-08-05 12:00:00 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
- 2007-01-29 08:58:06 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-02-19 15:04:13 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 12:57:30 620,032 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-02-19 15:04:13 663,040 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 12:57:30 669,696 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-04-29 04:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 07:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-03-09 11:51:20 265,216 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-11-28 22:07:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
+ 2007-05-08 14:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2006-12-01 21:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08ADC37-10DC-3F27-8F58-3EE6728303B0}]
C:\WINDOWS\system32\pwik.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 15:38]
"LaCie Backup"="C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe" [2006-01-24 08:55]
"german.exe"="C:\WINDOWS\system32\wintems.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 06:54]
"Krki"="C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-01-17 11:12 C:\WINDOWS\AGRSMMSG.exe]
"KTPWare"="C:\Program Files\Elantech\ktp3.exe" [2004-11-17 14:38]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-05-19 06:05]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2005-04-11 22:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]
C:\Documents and Settings\Isabelle\Menu Démarrer\Programmes\Démarrage\
Palm Registration.lnk - C:\Program Files\Palm\register.exe [2005-08-08 12:36:14]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-15 17:47:10]
DataViz Inc Messenger.lnk - C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe [2007-11-19 13:53:43]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 06:54:30]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isabelle^Menu Démarrer^Programmes^Démarrage^WKCALREM.LNK]
path=C:\Documents and Settings\Isabelle\Menu Démarrer\Programmes\Démarrage\WKCALREM.LNK
backup=C:\WINDOWS\pss\WKCALREM.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-04-11 22:49 127118 --------- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
R3 CB54G3;Wireless CB54G3/MP54G3 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
R3 Ktp3;Elantech TouchPad(KTP3);C:\WINDOWS\system32\DRIVERS\Ktp3.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 DSDrv4;DSDrv4;\??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys
S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
S3 Phal;Phal - Logitech io2 USB driver;C:\WINDOWS\system32\Drivers\LPhalUsb.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{191dcc7d-8d31-11d9-8009-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22611b3c-8ea3-11dc-8cfe-000c76f734e6}]
\Shell\AutoRun\command - G:\start.exe
\Shell\iledefrance\command - G:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2f1c00-8cb7-11d9-bf82-0011091f4734}]
\Shell\AutoRun\command - D:\Autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-28 22:10:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 23:17:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-28 23:19:01
C:\ComboFix2.txt ... 2007-11-28 12:55
.
--- E O F ---
Hello G!irly, here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:04:08, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Elantech\ktp3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lemonde.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp3.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109001892015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Hi again,
Can you have these two files analysed again:
C:\WINDOWS\system32\ > wintems.exe <
C:\Documents and Settings\Isabelle\Application Data\??stem\ > logonui.exe <
but this time here:
http://virusscan.jotti.org/de/
Please post the result here.
See you later
So, it doesn't work for wintems.exe; here is the message I get: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
virusscan result for logonui:
Datei: logonui.exe.vir
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Bit9 rapportiert: File not found
A-Squared: Keine Viren gefunden
AntiVir: ADSPY/PurityScan.CF gefunden
ArcaVir: Keine Viren gefunden
Avast: Keine Viren gefunden
AVG Antivirus: Generic2.VJE gefunden
BitDefender: Keine Viren gefunden
ClamAV: Keine Viren gefunden
CPsecure: Keine Viren gefunden
Dr.Web: Keine Viren gefunden
F-Prot Antivirus: Keine Viren gefunden
F-Secure Anti-Virus: Keine Viren gefunden
Fortinet: Keine Viren gefunden
Ikarus: not-a-virus:AdWare.Win32.PurityScan.fn gefunden
Kaspersky Anti-Virus: Keine Viren gefunden
NOD32: probably a variant of Win32/Adware.PurityScan application gefunden (mögliche Variante)
Norman Virus Control: W32/PurityScan.BJA gefunden
Panda Antivirus: Generic gefunden
Rising Antivirus: Keine Viren gefunden
Sophos Antivirus: Keine Viren gefunden
VirusBuster: Keine Viren gefunden
VBA32: Keine Viren gefunden
1
Using HijackThis, tick and fix these entries:
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
How to fix:
Usage tutorial (video):
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
2
Open Notepad (right-click on the desktop > in the menu choose New, then New Text Document) and copy and paste what is quoted below (copy it all in one go, without the (X) bars):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08ADC37-10DC-3F27-8F58-3EE6728303B0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
"Krki"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 must be on the first line, and there is a blank line at the end.
Then click "File" / "Save As":
Save in: the desktop
File name: fix.reg
Save as type: "All Files"
Click "Save".
It should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
Disconnect from the Internet and double-click fix.reg => you must get a message "Are you sure you want to add the information contained in this .reg file to the registry?"
If so, click "Yes".
3
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe
C:\Documents and Settings\Isabelle\Application Data\??stem
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
PS: you may be asked to restart the PC to complete the removal. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
4
Install one of the two firewalls below.
Firewall: Kerio
Kerio (firewall): remains free after the trial period, in French
----> https://www.zebulon.fr/telechargements/securite/firewalls/kerio.html
See this tutorial if you need help installing and configuring Kerio
--> https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
More info:
->https://kerio.probb.fr/
or ZoneAlarm, easier to configure but less effective
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
5
Uninstall avast and install AntiVir in its place.
AntiVir vs Avast:
->http://forum.malekal.com/ftopic3528.php
AntiVir tutorial
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
http://mickael.barroux.free.fr/securite/antivir.php <- scanner configuration tutorial...
6
-> Restart in Safe Mode:
How do you restart in Safe Mode?
Restart the PC and keep tapping the F8 key from the very start of boot, without stopping.
A window with a black background will open; use the arrow keys to move to Safe Mode, then press Enter.
Screenshot: http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Once you are on the desktop, if not all the colours and so on are there, that is normal!
PS: if F8 doesn't work, use the F5 key.
Open AntiVir and run a full scan of your machine (see the tutorial provided above) and post the report here please.
See you later
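A triage pass over the HijackThis O2/O4 lines discussed in this thread, as an added example that is not part of any post and not part of HijackThis. The three heuristics and the `SYSTEM32_NAMES` list are assumptions chosen for illustration; a hit means "check this file", not "this is malware".

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
"""

# Assumption for this example: Windows XP binaries that normally live only
# in %SystemRoot%\system32 (deliberately short, not an exhaustive list).
SYSTEM32_NAMES = {"logonui.exe", "svchost.exe", "winlogon.exe", "lsass.exe",
                  "services.exe", "csrss.exe", "smss.exe"}

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|com|scr|bat))(?=\s|$)',
    re.IGNORECASE)


def executable_of(command):
    """Return the program path from a Run command line, without arguments."""
    m = EXE_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group("q") or m.group("u")


def triage(log_text):
    """Return [(line, [reasons])] for O2/O4 entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("missing"):
                findings.append(
                    (line, ["BHO is registered but its DLL is missing on disk"]))
            continue
        run = RUN_RE.match(line)
        if not run:
            continue
        exe = executable_of(run.group("cmd"))
        base = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        name = run.group("name").lower()
        reasons = []
        # A value named like one program that launches a different one.
        if name.endswith(".exe") and name != base:
            reasons.append("value name looks like a file name but target differs")
        # A system binary name running from somewhere other than system32.
        if base in SYSTEM32_NAMES and not folder.endswith("\\system32"):
            reasons.append("system binary name outside system32")
        # '?' is not valid in a Windows path: the tool could not render
        # some characters of the real folder name.
        if "?" in exe:
            reasons.append("path contains characters the log could not render")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -", reason)
```

On the sample lines this flags the same three entries that the reply above asks to fix.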
a l´aide de hijack this coche et fix ceci :
O2 - BHO: (no name) - {B08ADC37-10DC-3F27-8F58-3EE6728303B0} - C:\WINDOWS\system32\pwik.dll (file missing)
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [Krki] "C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe"
comment fixer :
Tutoriel d´utilisation (video) :
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
2
Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08ADC37-10DC-3F27-8F58-3EE6728303B0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-
"Krki"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 must be on the first line, and there is a blank line at the end
Then click "File" / "Save as":
In: on the desktop
File name: fix.reg
File type: "All files"
Click "Save"
It should look like this once saved:
http://img520.imageshack.us/img520/4251/screenshot005ps2.png
Disconnect from the internet and double-click fix.reg => you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"
3
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe
C:\Documents and Settings\Isabelle\Application Data\??stem
Click MoveIt! to start the deletion.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
PS: you may be asked to restart the PC to complete the deletion. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
4
Install one of the two firewalls below
Firewall: Kerio
Kerio (firewall): stays free after the trial period, in French
----> https://www.zebulon.fr/telechargements/securite/firewalls/kerio.html
Look at this tutorial if you need help installing and configuring Kerio
--> https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
More info:
-> https://kerio.probb.fr/
or ZoneAlarm, easier to configure but less effective
http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html
5
Uninstall Avast and install AntiVir in its place
AntiVir vs Avast:
-> http://forum.malekal.com/ftopic3528.php
AntiVir tutorial
-> https://www.malekal.com/avira-free-security-antivirus-gratuit/
http://mickael.barroux.free.fr/securite/antivir.php <- scanner configuration tutorial...
6
-> Restart in safe mode:
How do you restart in safe mode?
Restart the PC and keep tapping the F8 key from the very start of power-on, without stopping.
A window with a black background will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Screenshot: http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Once on the desktop, if not all the colours and so on are there, that is normal!
PS: if F8 does not work, use the F5 key.
Open AntiVir and run a full scan of your machine (see the tutorial provided above) and post the report here please
@+
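The fix.reg file in the post above only deletes entries: `[-key]` removes a whole key and `"name"=-` removes a single value. As an added example (not part of the thread), this Python code lists what a .reg file would change before it is merged and checks the two format points from the post's note; the names `audit_reg` and `deletions_only` are hypothetical.

```python
import re

# Constructed sample: the fix.reg text quoted in the post, saved with a trailing blank line.
# The "~" inside the first key is an elision in the original post and is kept as-is.
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08ADC37-10DC-3F27-8F58-3EE6728303B0}"
FIX_REG = f'REGEDIT4\n[-{BHO_KEY}]\n[{RUN_KEY}]\n"german.exe"=-\n"Krki"=-\n\n'

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                       # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data

def audit_reg(text):
    """Return (problems, actions) for a .reg file without touching the registry."""
    lines = text.replace("\r\n", "\n").splitlines()
    problems, actions, key = [], [], None
    if not lines or lines[0].strip() not in HEADERS:
        problems.append("first line is not a .reg header")
    if not lines or lines[-1].strip():
        problems.append("no blank line at the end")
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k and k.group(1):                       # [-key]: delete the whole key
            actions.append(("delete-key", k.group(2), None))
            key = None
        elif k:                                    # [key]: following values belong to it
            key = k.group(2)
        elif v and key:
            name = "(default)" if v.group(1) == "@" else v.group(1)[1:-1]
            op = "delete-value" if v.group(2).strip() == "-" else "set-value"
            actions.append((op, key, name))
        else:
            problems.append(f"line {n}: not understood: {line!r}")
    return problems, actions

def deletions_only(text):
    """True when the file is well-formed and writes nothing new to the registry."""
    problems, actions = audit_reg(text)
    return not problems and all(op.startswith("delete") for op, _, _ in actions)
```

A file pasted from a forum that makes `deletions_only` return False either is malformed or writes data, and deserves a line-by-line read before it is double-clicked.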
So, I have a problem in MoveIt.
Here is the message that appears in a window:
cannot create file C:\otmoveit\movedfiles\11292007_152101.log
and in the RESULTS window
File/Folder C:\WINDOWS\system32\wintems.exe not found.
File/Folder C:\Documents and Settings\Isabelle\Application Data\??stem\logonui.exe not found.
File/Folder C:\Documents and Settings\Isabelle\Application Data\??stem not found.
Created on 11/29/2007 15:21:01