MSNFix report
Solved
lili
Hello,
MSNFix 1.701
C:\MSNFix
Fix exécuté le 08/04/2008 - 23:40:56,57 By ALIXIA
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\^^^^^.exe
... C:\WINDOWS\system32\^^^^^.exe
... C:\Documents and Settings\ALIXIA\??????.exe
... C:\Documents and Settings\ALIXIA\????????.exe
************************ Recherche les dossiers présents
... \TEMP\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\WINDOWS\system32\^^^^^.exe
/!\ ... C:\Documents and Settings\ALIXIA\??????.exe
/!\ ... C:\Documents and Settings\ALIXIA\????????.exe
************************ Suppression des dossiers
/!\ ... \TEMP\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\Documents and Settings\ALIXIA\??????.exe
.. OK ... C:\Documents and Settings\ALIXIA\????????.exe
.. OK ... C:\WINDOWS\system32\^^.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\PKZIP25.EXE] 998C2626A275C4EE1D59C2B3D0EDE028
[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\ALIXIA\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08042008_23451495.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
49 replies
hi,
sorry I didn't reply yesterday, but I was at the hospital with my brother.
here is the new HJT report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:53, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\avast\aswUpdSv.exe
C:\Program Files\avast\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\avast\ashMaiSv.exe
C:\Program Files\avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\avast\ashDisp.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE] C:\WINDOWS\bootload.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\ALIXIA\wkuwku.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB833457-843C-4403-B3E1-74CB48426EEE}: NameServer = 212.151.137.170 212.151.136.246
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TFTP Server (TFTPService) - Unknown owner - c:\windows\java\tftp4nt.exe
Re,
Nothing serious, I hope?
********************************
1) Show hidden files and folders …
To do this, open any folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the « View » tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
« Apply » and « OK ».
Open Notepad (Start\All Programs\Accessories\Notepad).
Copy this text (in bold) in one go (CTRL+C to copy), then paste it into Notepad (CTRL+V).
File::
C:\WINDOWS\bootload.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE"=-
Save this file on your desktop under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will restart Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report.
If there is no restart, post the report anyway.
See you later
re,
car accident, problems with the spleen, so he and his girlfriend are laid up for several weeks.
here is the new Combo report:
ComboFix 08-04-08.10 - ALIXIA 2008-04-11 12:59:28.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.218 [GMT 2:00]
Endroit: C:\Documents and Settings\ALIXIA\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\ALIXIA\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\bootload.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.
2008-04-10 22:43 . 2008-04-10 22:45 160,261,957 --a------ C:\Program Files\DofusInstaller_v1_22_0.exe
2008-04-09 21:02 . 2008-04-09 21:02 40 --a------ C:\SYSTEM.VER
2008-04-09 20:53 . 2008-04-09 20:53 <REP> d-------- C:\Program Files\Lame MP3 Codec
2008-04-09 20:53 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\SYSTEM32\lameACM.acm
2008-04-09 20:53 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\SYSTEM32\LAME_MP3.dll
2008-04-09 20:53 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\SYSTEM32\lame_acm.xml
2008-04-09 20:52 . 2008-04-09 20:52 <REP> d-------- C:\Program Files\XviD
2008-04-09 20:52 . 2008-04-09 20:52 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-04-09 20:50 . 2008-04-09 20:50 <REP> d-------- C:\Program Files\MarkAny
2008-04-09 20:50 . 2008-04-09 20:50 <REP> d-------- C:\Documents and Settings\ALIXIA\Application Data\DataCast
2008-04-09 20:49 . 2008-04-09 20:49 <REP> d-------- C:\Documents and Settings\ALIXIA\Application Data\InstallShield
2008-04-09 15:33 . 2008-04-09 15:33 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-09 14:49 . 2008-04-09 14:49 <REP> d-------- C:\Program Files\Trend Micro
2008-04-09 14:40 . 2008-04-09 14:40 812,344 --a------ C:\Program Files\HJT.exe.exe
2008-04-08 22:45 . 2008-04-09 14:32 <REP> d-------- C:\MSNFix
2008-04-08 22:07 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
2008-04-08 22:07 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
2008-04-07 23:03 . 2008-04-07 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-07 19:59 . 2008-04-07 19:59 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-06 23:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-04-06 23:54 . 2008-04-06 23:54 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-06 23:42 . 2008-04-06 23:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-06 21:03 . 2008-04-06 21:03 <REP> d-------- C:\WINDOWS\report
2008-04-06 21:03 . 2008-04-06 21:01 36,442,281 --a------ C:\WINDOWS\LPT$VPN.201
2008-04-06 21:01 . 2008-04-06 21:01 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-06 21:01 . 2008-04-06 21:01 36,442,281 --a------ C:\WINDOWS\VPTNFILE.201
2008-04-06 21:01 . 2008-04-06 21:01 1,948,082 --a------ C:\WINDOWS\tsc.ptn
2008-04-06 21:01 . 2008-04-06 21:01 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-04-06 21:01 . 2008-04-06 21:01 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-06 21:01 . 2008-04-06 21:01 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-04-06 21:01 . 2008-04-06 21:01 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-06 21:01 . 2008-04-06 22:52 823 --a------ C:\WINDOWS\tsc.ini
2008-04-06 20:53 . 2008-04-06 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-06 20:53 . 2008-04-06 20:53 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-06 20:53 . 2008-04-06 20:53 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-06 20:53 . 2008-04-06 20:53 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-06 20:53 . 2008-04-06 20:53 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-06 20:53 . 2008-04-06 20:53 170 --a------ C:\WINDOWS\GetServer.ini
2008-03-26 23:05 . 2008-03-26 23:05 <REP> d-------- C:\ConvertTemp
2008-03-22 18:16 . 2006-05-03 23:53 174,592 --a------ C:\WINDOWS\SYSTEM32\framedyn.dll
2008-03-22 18:16 . 2005-12-22 13:24 137,884 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys
2008-03-22 18:16 . 2005-12-22 13:24 80,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,877 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdcmnt.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,877 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdcm.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,188 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdwhnt.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,188 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdwh.sys
2008-03-22 18:16 . 2005-12-22 13:24 10,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys
2008-03-22 18:14 . 2008-03-22 18:16 <REP> d-------- C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
2008-03-22 18:14 . 2006-07-24 17:05 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
2008-03-22 18:14 . 2005-08-28 21:51 766 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-22 18:13 . 2008-04-09 20:50 <REP> d-------- C:\Program Files\Samsung
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 21:05 --------- d-----w C:\Program Files\Steam
2008-04-10 20:51 --------- d-----w C:\Program Files\Dofus
2008-04-09 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 11:15 --------- d-----w C:\Program Files\avast
2008-04-07 23:34 --------- d-----w C:\Program Files\Windows Live
2008-04-06 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 21:01 --------- d-----w C:\Program Files\Java
2008-04-06 17:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-06 12:48 --------- d-----w C:\Program Files\eMule
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 10:11 57,370,809 ----a-w C:\Program Files\DofusPatch_v1_20_0_to_v1_21_0.exe
2007-07-21 22:35 110,627,691 ----a-w C:\Program Files\acidpro60d-trial_enu.exe
2007-03-12 20:53 725,262 ----a-w C:\Program Files\SteamInstall.exe
2007-03-11 12:12 1,677,642 ----a-w C:\Program Files\box.mpg sg.mpg
2007-03-10 21:32 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe
2007-01-14 17:53 4,909,088 ----a-w C:\Program Files\picasa2Setup.exe
2005-10-08 06:39 37 ----a-w C:\Documents and Settings\JEAN-LUC\getfile.dat
2005-10-07 20:39 37 ----a-w C:\Documents and Settings\MAXENCE\getfile.dat
2005-10-06 21:01 37 -c--a-w C:\Documents and Settings\ALIXIA\getfile.dat
2005-10-04 06:33 37 ----a-w C:\Documents and Settings\EMMANUELLE\getfile.dat
2005-09-07 13:05 37 ----a-w C:\Documents and Settings\BERANGER\getfile.dat
2004-03-02 13:23 1,955,904 ----a-w C:\Program Files\PPVIEWER.EXE
.
------- Sigcheck -------
2002-08-30 09:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SYSTEM32\svchost.exe
2002-08-30 09:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SYSTEM32\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SYSTEM32\DLLCACHE\ws2_32.dll
2004-06-17 02:08 487424 f5d97f77ac97b244ff33280154186065 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2002-08-30 09:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SYSTEM32\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe
2003-03-06 12:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.44.40,42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-03-21 02:03:56 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-09 22:19:12 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-21 02:03:56 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-09 22:19:12 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-21 02:03:56 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-09 22:19:12 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-21 02:03:56 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-09 22:19:12 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-21 02:03:56 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-09 22:19:12 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-21 02:03:57 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-09 22:19:13 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-21 02:03:57 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-09 22:19:13 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-21 02:03:57 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-09 22:19:13 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-21 02:03:56 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-09 22:19:12 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-21 02:03:56 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-09 22:19:12 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-21 02:03:57 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-09 22:19:13 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-21 02:03:56 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-09 22:19:12 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-21 02:03:56 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-09 22:19:12 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-09-03 17:16:50 224,816 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-10 07:13:05 224,816 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2005-01-28 16:11:24 45,056 ----a-w C:\WINDOWS\SYSTEM32\MACXMLProto.dll
+ 2004-10-11 21:20:50 118,784 ----a-w C:\WINDOWS\SYSTEM32\MaDRM.dll
+ 2004-03-22 16:14:24 49,152 ----a-w C:\WINDOWS\SYSTEM32\MaJGUILib.dll
+ 2004-05-30 19:13:20 106,609 ----a-w C:\WINDOWS\SYSTEM32\MaJUtilLib.dll
+ 2004-05-31 10:50:04 40,960 ----a-w C:\WINDOWS\SYSTEM32\MAMACExtract.dll
+ 2006-03-25 09:59:12 24,576 ----a-w C:\WINDOWS\SYSTEM32\MASetupCleaner.exe
+ 2006-02-23 17:14:54 364,544 ----a-w C:\WINDOWS\SYSTEM32\MASetupWizard.dll
+ 2004-06-02 20:19:18 45,056 ----a-w C:\WINDOWS\SYSTEM32\MaXMLProto.dll
+ 2004-11-24 08:31:20 57,344 ----a-w C:\WINDOWS\SYSTEM32\MK_Lyric.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2006-01-17 09:29:34 245,760 ----a-w C:\WINDOWS\SYSTEM32\MSCLib.dll
- 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2006-01-17 09:29:34 155,648 ----a-w C:\WINDOWS\SYSTEM32\MSFLib.dll
- 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2003-04-18 14:29:26 44,544 ----a-w C:\WINDOWS\SYSTEM32\msxml4a.dll
+ 2004-09-30 15:31:10 40,960 ----a-w C:\WINDOWS\SYSTEM32\MTTELECHIP.dll
+ 2004-08-20 12:41:00 57,344 ----a-w C:\WINDOWS\SYSTEM32\MTXSYNCICON.dll
+ 2006-04-11 10:26:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\muzaf1.dll
+ 2006-06-08 17:53:06 471,040 ----a-w C:\WINDOWS\SYSTEM32\muzapp.dll
+ 2007-03-15 15:23:24 167,936 ----a-w C:\WINDOWS\SYSTEM32\muzapp.exe
+ 2006-02-11 11:14:24 200,704 ----a-w C:\WINDOWS\SYSTEM32\muzwmts.dll
- 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2002-10-05 06:04:18 45,056 ----a-w C:\WINDOWS\SYSTEM32\Ogg.dll
+ 2002-10-07 01:42:58 237,568 ----a-w C:\WINDOWS\SYSTEM32\OggDS.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2006-01-20 08:11:16 110,592 ----a-w C:\WINDOWS\SYSTEM32\tg_dump.dll
- 2005-03-01 09:27:04 245,408 ----a-w C:\WINDOWS\SYSTEM32\unicows.dll
+ 2007-03-29 09:04:24 258,352 ----a-w C:\WINDOWS\SYSTEM32\unicows.dll
- 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2002-10-05 06:04:26 188,416 ----a-w C:\WINDOWS\SYSTEM32\vorbis.dll
+ 2002-10-05 06:04:26 921,600 ----a-w C:\WINDOWS\SYSTEM32\vorbisenc.dll
- 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
- 2006-11-01 13:52:38 765,952 ----a-w C:\WINDOWS\SYSTEM32\xvidcore.dll
+ 2004-12-20 09:03:26 679,936 ----a-w C:\WINDOWS\SYSTEM32\xvidcore.dll
- 2006-11-01 13:54:30 180,224 ----a-w C:\WINDOWS\SYSTEM32\xvidvfw.dll
+ 2004-12-20 09:08:28 155,648 ----a-w C:\WINDOWS\SYSTEM32\xvidvfw.dll
+ 2008-04-11 09:52:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_530.dat
+ 2008-04-11 09:52:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Steam"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-30 10:06 4800512]
"AdslTaskBar"="stmctrl.dll" [2003-09-19 13:24 151552 C:\WINDOWS\SYSTEM32\stmctrl.dll]
"EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE"="C:\WINDOWS\bootload.exe" [ ]
"avast!"="C:\PROGRA~1\avast\ashDisp.exe" [2008-03-29 19:37 79224]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 14:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 09:40 233472]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38 503808]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-16 14:38 185896]
"Nvidia"="C:\Documents and Settings\ALIXIA\wkuwku.exe" [ ]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\EMMANUELLE\Menu Démarrer\Programmes\Démarrage\
Gestionnaire de services SQL Server.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2001-11-19 15:25:18 74308]
msde2000.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe [2001-11-19 15:25:16 90680]
C:\Documents and Settings\ALIXIA\Menu Démarrer\Programmes\Démarrage\
TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-04-13 13:17:53 1060864]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKLM\~\startupfolder\C:^Documents and Settings^ALIXIA^Menu Démarrer^Programmes^Démarrage^QuickShelf.lnk]
path=C:\Documents and Settings\ALIXIA\Menu Démarrer\Programmes\Démarrage\QuickShelf.lnk
backup=C:\WINDOWS\pss\QuickShelf.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
--a------ 2003-06-02 20:30 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 21:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 03:01 155648 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vip]
c:\windows\java\vv.bat
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\java\\tftpsrv.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\SteamApps\\remedyz17\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\TribalWeb\\tribalweb.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\muzapp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3854:UDP"= 3854:UDP:Windows Media Format SDK (iexplore.exe)
"3855:UDP"= 3855:UDP:Windows Media Format SDK (iexplore.exe)
"3863:UDP"= 3863:UDP:Windows Media Format SDK (iexplore.exe)
"4855:UDP"= 4855:UDP:Windows Media Format SDK (iexplore.exe)
"4854:UDP"= 4854:UDP:Windows Media Format SDK (iexplore.exe)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-10-18 17:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-09-19 13:24]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-19 13:24]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 13:26]
S2 TFTPService;TFTP Server;c:\windows\java\tftp4nt.exe [2004-06-19 17:39]
S3 9e5b334d-0584-424e-b3ce-b35e1ceba919;9e5b334d-0584-424e-b3ce-b35e1ceba919;D:\Player\cds300.dll []
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 19:09]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 12:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-12-14 20:15:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 13:05:40
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-11 13:09:55
ComboFix-quarantined-files.txt 2008-04-11 11:09:49
ComboFix2.txt 2008-04-09 18:18:53
ComboFix3.txt 2008-04-09 17:44:44
ComboFix4.txt 2008-04-09 16:44:58
Pre-Run: 8,908,443,648 octets libres
Post-Run: 8,894,652,416 octets libres
.
2008-04-09 22:20:08 --- E O F ---
car accident, problems with the spleen, so he and his girlfriend are laid up for several weeks.
Here is the new ComboFix report:
ComboFix 08-04-08.10 - ALIXIA 2008-04-11 12:59:28.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.218 [GMT 2:00]
Endroit: C:\Documents and Settings\ALIXIA\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\ALIXIA\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\bootload.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.
2008-04-10 22:43 . 2008-04-10 22:45 160,261,957 --a------ C:\Program Files\DofusInstaller_v1_22_0.exe
2008-04-09 21:02 . 2008-04-09 21:02 40 --a------ C:\SYSTEM.VER
2008-04-09 20:53 . 2008-04-09 20:53 <REP> d-------- C:\Program Files\Lame MP3 Codec
2008-04-09 20:53 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\SYSTEM32\lameACM.acm
2008-04-09 20:53 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\SYSTEM32\LAME_MP3.dll
2008-04-09 20:53 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\SYSTEM32\lame_acm.xml
2008-04-09 20:52 . 2008-04-09 20:52 <REP> d-------- C:\Program Files\XviD
2008-04-09 20:52 . 2008-04-09 20:52 65,024 --a------ C:\WINDOWS\IFinst26.exe
2008-04-09 20:50 . 2008-04-09 20:50 <REP> d-------- C:\Program Files\MarkAny
2008-04-09 20:50 . 2008-04-09 20:50 <REP> d-------- C:\Documents and Settings\ALIXIA\Application Data\DataCast
2008-04-09 20:49 . 2008-04-09 20:49 <REP> d-------- C:\Documents and Settings\ALIXIA\Application Data\InstallShield
2008-04-09 15:33 . 2008-04-09 15:33 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-09 14:49 . 2008-04-09 14:49 <REP> d-------- C:\Program Files\Trend Micro
2008-04-09 14:40 . 2008-04-09 14:40 812,344 --a------ C:\Program Files\HJT.exe.exe
2008-04-08 22:45 . 2008-04-09 14:32 <REP> d-------- C:\MSNFix
2008-04-08 22:07 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys
2008-04-08 22:07 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys
2008-04-07 23:03 . 2008-04-07 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-07 19:59 . 2008-04-07 19:59 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-06 23:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2008-04-06 23:54 . 2008-04-06 23:54 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-06 23:42 . 2008-04-06 23:48 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-06 21:03 . 2008-04-06 21:03 <REP> d-------- C:\WINDOWS\report
2008-04-06 21:03 . 2008-04-06 21:01 36,442,281 --a------ C:\WINDOWS\LPT$VPN.201
2008-04-06 21:01 . 2008-04-06 21:01 <REP> d-------- C:\WINDOWS\AU_Backup
2008-04-06 21:01 . 2008-04-06 21:01 36,442,281 --a------ C:\WINDOWS\VPTNFILE.201
2008-04-06 21:01 . 2008-04-06 21:01 1,948,082 --a------ C:\WINDOWS\tsc.ptn
2008-04-06 21:01 . 2008-04-06 21:01 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-04-06 21:01 . 2008-04-06 21:01 333,576 --a------ C:\WINDOWS\TSC.exe
2008-04-06 21:01 . 2008-04-06 21:01 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-04-06 21:01 . 2008-04-06 21:01 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-04-06 21:01 . 2008-04-06 22:52 823 --a------ C:\WINDOWS\tsc.ini
2008-04-06 20:53 . 2008-04-06 21:01 <REP> d-------- C:\WINDOWS\AU_Temp
2008-04-06 20:53 . 2008-04-06 20:53 <REP> d-------- C:\WINDOWS\AU_Log
2008-04-06 20:53 . 2008-04-06 20:53 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-04-06 20:53 . 2008-04-06 20:53 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-04-06 20:53 . 2008-04-06 20:53 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-04-06 20:53 . 2008-04-06 20:53 170 --a------ C:\WINDOWS\GetServer.ini
2008-03-26 23:05 . 2008-03-26 23:05 <REP> d-------- C:\ConvertTemp
2008-03-22 18:16 . 2006-05-03 23:53 174,592 --a------ C:\WINDOWS\SYSTEM32\framedyn.dll
2008-03-22 18:16 . 2005-12-22 13:24 137,884 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdm.sys
2008-03-22 18:16 . 2005-12-22 13:24 80,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdbus.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,877 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdcmnt.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,877 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdcm.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,188 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdwhnt.sys
2008-03-22 18:16 . 2005-12-22 13:24 11,188 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdwh.sys
2008-03-22 18:16 . 2005-12-22 13:24 10,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sscdmdfl.sys
2008-03-22 18:14 . 2008-03-22 18:16 <REP> d-------- C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
2008-03-22 18:14 . 2006-07-24 17:05 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
2008-03-22 18:14 . 2005-08-28 21:51 766 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-22 18:13 . 2008-04-09 20:50 <REP> d-------- C:\Program Files\Samsung
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 21:05 --------- d-----w C:\Program Files\Steam
2008-04-10 20:51 --------- d-----w C:\Program Files\Dofus
2008-04-09 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 11:15 --------- d-----w C:\Program Files\avast
2008-04-07 23:34 --------- d-----w C:\Program Files\Windows Live
2008-04-06 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-06 21:01 --------- d-----w C:\Program Files\Java
2008-04-06 17:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-06 12:48 --------- d-----w C:\Program Files\eMule
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-02-01 09:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-29 10:11 57,370,809 ----a-w C:\Program Files\DofusPatch_v1_20_0_to_v1_21_0.exe
2007-07-21 22:35 110,627,691 ----a-w C:\Program Files\acidpro60d-trial_enu.exe
2007-03-12 20:53 725,262 ----a-w C:\Program Files\SteamInstall.exe
2007-03-11 12:12 1,677,642 ----a-w C:\Program Files\box.mpg sg.mpg
2007-03-10 21:32 5,862,994 ----a-w C:\Program Files\ts2_client_rc2_2032.exe
2007-01-14 17:53 4,909,088 ----a-w C:\Program Files\picasa2Setup.exe
2005-10-08 06:39 37 ----a-w C:\Documents and Settings\JEAN-LUC\getfile.dat
2005-10-07 20:39 37 ----a-w C:\Documents and Settings\MAXENCE\getfile.dat
2005-10-06 21:01 37 -c--a-w C:\Documents and Settings\ALIXIA\getfile.dat
2005-10-04 06:33 37 ----a-w C:\Documents and Settings\EMMANUELLE\getfile.dat
2005-09-07 13:05 37 ----a-w C:\Documents and Settings\BERANGER\getfile.dat
2004-03-02 13:23 1,955,904 ----a-w C:\Program Files\PPVIEWER.EXE
.
------- Sigcheck -------
2002-08-30 09:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SYSTEM32\svchost.exe
2002-08-30 09:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SYSTEM32\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SYSTEM32\DLLCACHE\ws2_32.dll
2004-06-17 02:08 487424 f5d97f77ac97b244ff33280154186065 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2002-08-30 09:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SYSTEM32\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe
2003-03-06 12:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_18.44.40,42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2008-03-21 02:03:56 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-09 22:19:12 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-21 02:03:56 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-09 22:19:12 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-21 02:03:56 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-09 22:19:12 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-21 02:03:56 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-09 22:19:12 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-21 02:03:56 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-09 22:19:12 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-21 02:03:57 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-09 22:19:13 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-21 02:03:57 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-09 22:19:13 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-21 02:03:57 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-09 22:19:13 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-21 02:03:56 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-09 22:19:12 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-21 02:03:56 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-09 22:19:12 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-21 02:03:57 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-09 22:19:13 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-21 02:03:56 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-09 22:19:12 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-21 02:03:56 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-09 22:19:12 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2007-12-07 02:08:32 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-03-01 12:58:06 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2007-12-07 02:08:32 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-12-07 02:08:33 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2007-12-07 02:08:34 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-12-07 02:08:34 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-09-03 17:16:50 224,816 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-10 07:13:05 224,816 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2005-01-28 16:11:24 45,056 ----a-w C:\WINDOWS\SYSTEM32\MACXMLProto.dll
+ 2004-10-11 21:20:50 118,784 ----a-w C:\WINDOWS\SYSTEM32\MaDRM.dll
+ 2004-03-22 16:14:24 49,152 ----a-w C:\WINDOWS\SYSTEM32\MaJGUILib.dll
+ 2004-05-30 19:13:20 106,609 ----a-w C:\WINDOWS\SYSTEM32\MaJUtilLib.dll
+ 2004-05-31 10:50:04 40,960 ----a-w C:\WINDOWS\SYSTEM32\MAMACExtract.dll
+ 2006-03-25 09:59:12 24,576 ----a-w C:\WINDOWS\SYSTEM32\MASetupCleaner.exe
+ 2006-02-23 17:14:54 364,544 ----a-w C:\WINDOWS\SYSTEM32\MASetupWizard.dll
+ 2004-06-02 20:19:18 45,056 ----a-w C:\WINDOWS\SYSTEM32\MaXMLProto.dll
+ 2004-11-24 08:31:20 57,344 ----a-w C:\WINDOWS\SYSTEM32\MK_Lyric.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2006-01-17 09:29:34 245,760 ----a-w C:\WINDOWS\SYSTEM32\MSCLib.dll
- 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2006-01-17 09:29:34 155,648 ----a-w C:\WINDOWS\SYSTEM32\MSFLib.dll
- 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2003-04-18 14:29:26 44,544 ----a-w C:\WINDOWS\SYSTEM32\msxml4a.dll
+ 2004-09-30 15:31:10 40,960 ----a-w C:\WINDOWS\SYSTEM32\MTTELECHIP.dll
+ 2004-08-20 12:41:00 57,344 ----a-w C:\WINDOWS\SYSTEM32\MTXSYNCICON.dll
+ 2006-04-11 10:26:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\muzaf1.dll
+ 2006-06-08 17:53:06 471,040 ----a-w C:\WINDOWS\SYSTEM32\muzapp.dll
+ 2007-03-15 15:23:24 167,936 ----a-w C:\WINDOWS\SYSTEM32\muzapp.exe
+ 2006-02-11 11:14:24 200,704 ----a-w C:\WINDOWS\SYSTEM32\muzwmts.dll
- 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2002-10-05 06:04:18 45,056 ----a-w C:\WINDOWS\SYSTEM32\Ogg.dll
+ 2002-10-07 01:42:58 237,568 ----a-w C:\WINDOWS\SYSTEM32\OggDS.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2006-01-20 08:11:16 110,592 ----a-w C:\WINDOWS\SYSTEM32\tg_dump.dll
- 2005-03-01 09:27:04 245,408 ----a-w C:\WINDOWS\SYSTEM32\unicows.dll
+ 2007-03-29 09:04:24 258,352 ----a-w C:\WINDOWS\SYSTEM32\unicows.dll
- 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2002-10-05 06:04:26 188,416 ----a-w C:\WINDOWS\SYSTEM32\vorbis.dll
+ 2002-10-05 06:04:26 921,600 ----a-w C:\WINDOWS\SYSTEM32\vorbisenc.dll
- 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
- 2006-11-01 13:52:38 765,952 ----a-w C:\WINDOWS\SYSTEM32\xvidcore.dll
+ 2004-12-20 09:03:26 679,936 ----a-w C:\WINDOWS\SYSTEM32\xvidcore.dll
- 2006-11-01 13:54:30 180,224 ----a-w C:\WINDOWS\SYSTEM32\xvidvfw.dll
+ 2004-12-20 09:08:28 155,648 ----a-w C:\WINDOWS\SYSTEM32\xvidvfw.dll
+ 2008-04-11 09:52:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_530.dat
+ 2008-04-11 09:52:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"Steam"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-30 10:06 4800512]
"AdslTaskBar"="stmctrl.dll" [2003-09-19 13:24 151552 C:\WINDOWS\SYSTEM32\stmctrl.dll]
"EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE"="C:\WINDOWS\bootload.exe" [ ]
"avast!"="C:\PROGRA~1\avast\ashDisp.exe" [2008-03-29 19:37 79224]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 14:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 09:40 233472]
"CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38 503808]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-16 14:38 185896]
"Nvidia"="C:\Documents and Settings\ALIXIA\wkuwku.exe" [ ]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32 126976]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
C:\Documents and Settings\EMMANUELLE\Menu Démarrer\Programmes\Démarrage\
Gestionnaire de services SQL Server.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2001-11-19 15:25:18 74308]
msde2000.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe [2001-11-19 15:25:16 90680]
C:\Documents and Settings\ALIXIA\Menu Démarrer\Programmes\Démarrage\
TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-04-13 13:17:53 1060864]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
[HKLM\~\startupfolder\C:^Documents and Settings^ALIXIA^Menu Démarrer^Programmes^Démarrage^QuickShelf.lnk]
path=C:\Documents and Settings\ALIXIA\Menu Démarrer\Programmes\Démarrage\QuickShelf.lnk
backup=C:\WINDOWS\pss\QuickShelf.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
--a------ 2003-06-02 20:30 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 21:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 03:01 155648 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vip]
c:\windows\java\vv.bat
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\java\\tftpsrv.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\SteamApps\\remedyz17\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\TribalWeb\\tribalweb.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\muzapp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3854:UDP"= 3854:UDP:Windows Media Format SDK (iexplore.exe)
"3855:UDP"= 3855:UDP:Windows Media Format SDK (iexplore.exe)
"3863:UDP"= 3863:UDP:Windows Media Format SDK (iexplore.exe)
"4855:UDP"= 4855:UDP:Windows Media Format SDK (iexplore.exe)
"4854:UDP"= 4854:UDP:Windows Media Format SDK (iexplore.exe)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-10-18 17:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-09-19 13:24]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-19 13:24]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 13:26]
S2 TFTPService;TFTP Server;c:\windows\java\tftp4nt.exe [2004-06-19 17:39]
S3 9e5b334d-0584-424e-b3ce-b35e1ceba919;9e5b334d-0584-424e-b3ce-b35e1ceba919;D:\Player\cds300.dll []
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 19:09]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 12:05:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-12-14 20:15:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 13:05:40
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-11 13:09:55
ComboFix-quarantined-files.txt 2008-04-11 11:09:49
ComboFix2.txt 2008-04-09 18:18:53
ComboFix3.txt 2008-04-09 17:44:44
ComboFix4.txt 2008-04-09 16:44:58
Pre-Run: 8,908,443,648 octets libres
Post-Run: 8,894,652,416 octets libres
.
2008-04-09 22:20:08 --- E O F ---
Download The Avenger by Swandog46 to your Desktop:
Right-click 'Avenger.zip' > Extract all (again onto the Desktop)
Copy all of the bold text below (CTRL+C):
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE
→ Now launch The Avenger by clicking its desktop icon.
A message in English will ask you to confirm; answer 'OK'.
In the box that appears under 'input script there', paste the text you copied earlier (CTRL+V).
Check that the 'Scan for rootkit' & 'Automatically disable any rootkits found' boxes are ticked.
Click 'Execute'.
...........The Avenger will automatically do the following:
→ Restart the PC .....
→ During the restart, a black Windows command window will briefly appear on your desktop -> NORMAL.
→ After the restart, it creates a log file that will open, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
→ Copy its contents and post them to me.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
See you
Hi again,
It says: error:invalid script a valid script must begin with a command directive. aborting execution
That's all
Hi again,
I must have messed up ...
Let's try one last time with this: (after that, if it doesn't work, we'll move on)
Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE
Let me know
See you
Here is the latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:20, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\avast\aswUpdSv.exe
C:\Program Files\avast\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\avast\ashDisp.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\avast\ashMaiSv.exe
C:\Program Files\avast\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE] C:\WINDOWS\bootload.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\ALIXIA\wkuwku.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB833457-843C-4403-B3E1-74CB48426EEE}: NameServer = 212.151.136.242 212.151.137.166
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TFTP Server (TFTPService) - Unknown owner - c:\windows\java\tftp4nt.exe
Hi again,
*********************************************
→ Run HijackThis again, choose 'Do a system scan' in the main menu and fix this/these line(s): (tick the box to their left)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKLM\..\Run: [EXENAMEbootloadEXENAMEMASTERNbusterbraMASTERNLANSPREADnLANSPREADSTNICKdabotlastdaSTNICKHGTZHSQLSPREADjaSQLSPREADFTPADDYdonat.banki.huFTPADDYFTPUSRaatFTPUSRFTPPWaat123FTPPWFTPDATbild03.exeFTPDATSPREADNET81SPREADNETHGTZHPTOPneinPTOPINIMIRCjaINIMIRCINIMIRCMSGlol check it outINIMIRCMSGINIMIRCEXEircbotINIMIRCEXE] C:\WINDOWS\bootload.exe
Close all windows (except HijackThis), including your web browser.
→ Click 'fixchecked'
***************************************
Delete this folder in Safe Mode:
c:\windows\java
> Empty your Recycle Bin.
*********************************
Post a new HijackThis report afterwards.
See you
Hi again,
Here is the latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:40, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\avast\aswUpdSv.exe
C:\Program Files\avast\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\avast\ashMaiSv.exe
C:\Program Files\avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\avast\ashDisp.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\ALIXIA\wkuwku.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB833457-843C-4403-B3E1-74CB48426EEE}: NameServer = 212.151.136.242 212.151.137.166
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\avast\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TFTP Server (TFTPService) - Unknown owner - c:\windows\java\tftp4nt.exe (file missing)
Re!
Your version of Adobe is not up to date; uninstall your current version via 'Add or Remove Programs'.
Then download the latest one from this site --> https://get2.adobe.com/reader/otherversions/
Security bulletin on Adobe versions 7.0.8 and earlier:
https://www.adobe.com/support/security/bulletins/apsb07-01.html
https://get2.adobe.com/reader/otherversions/
***************************************
Start > Run > 'services.msc',
- Right-click the service in question - TFTP Server (TFTPService)
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", choose "Stop".
Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html
***********************************
Drop Avast in favour of Antivir; contrary to what everyone thinks, Avast is not as good as one might believe. Look at the AV ranking
and see for yourself → Avast vs Antivir
Get rid of Avast → Uninstall Avast 'cleanly' (thanks espion3004)
And download Antivir (PersonalEdition Classic) → here
Antivir installation + configuration tutorial → https://www.malekal.com/avira-free-security-antivirus-gratuit/
Installation tutorial: → https://www.astucesinternet.com/modules/news/article.php?storyid=253
To make it even more discreet....
****************************
Download the ZoneAlarm firewall. Read the whole article carefully to avoid surprises.
Any problems with it?
**********************
Do all of that, then launch Antivir 'scan system now' and post the report at the end of the scan (via the 'report' button).
See you
I can't uninstall Avast with the thing you gave me:
"the avast self protection module is enable."
Re,
it's not a 'thing' but an uninstall utility ;)
Run it in Safe Mode
Other tutorials:
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
hello,
I think and hope the operations are coming to an end.
here is the report of my scan with Antivir:
AntiVir PersonalEdition Classic
Report file date: vendredi 11 avril 2008 21:14
Scanning for 1198942 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: D1HG2Y0J
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:29:29
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:29:30
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 18:29:30
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 11/04/2008 18:29:32
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/04/2008 18:29:32
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 11 avril 2008 21:14
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MaAgent.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'PS2USBKbdDrv.exe' - '1' Module(s) have been scanned
Scan process 'MouseDrv.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'CDANTSRV.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\ALIXIA\daeuzo.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\ALIXIA\gbaxba.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\ALIXIA\ruyify.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\ALIXIA\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/ALIXIA/Bureau/Upload_Me/catchme.zip
[1] Archive type: ZIP
--> ^^^^^.exe.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> ^^^^^.exe.3
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> DOCUME~1/ALIXIA/Bureau/Upload_Me/daeuzo.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> DOCUME~1/ALIXIA/Bureau/Upload_Me/gbaxba.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> DOCUME~1/ALIXIA/Bureau/Upload_Me/ruyify.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\JEAN-LUC\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/JEAN-LUC/Bureau/Upload_Me/catchme.zip
[1] Archive type: ZIP
--> ^^^^^.exe.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\MSNFix\08042008_23451495.zip
[0] Archive type: ZIP
--> backup/daeuzo.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/gbaxba.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> backup/ruyify.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was deleted!
End of the scan: samedi 12 avril 2008 00:17
Used time: 3:03:09 min
The scan has been done completely.
13344 Scanning directories
432781 Files were scanned
13 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
7 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
432768 Files not concerned
5443 Archives were scanned
4 Warnings
2 Notes
Re!
Can you post me a HijackThis report again, please?
Then do this:
→ Download clean: http://www.malekal.com/download/clean.zip
→ Unzip it (right-click, Extract All)
→ Run clean.cmd (or clean), choose option 1 and post me the report.
(- Where is the clean report?: "My Computer" / double-click on the "C:" drive / double-click on "rapport_clean.txt" and copy/paste the contents to the forum.)
Note: You may get a message asking you to upload a file; do so as soon as you can.
It's almost over ;)
See you
here is the HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:07, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Nvidia] C:\Documents and Settings\ALIXIA\wkuwku.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB833457-843C-4403-B3E1-74CB48426EEE}: NameServer = 212.151.136.242 212.151.137.166
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe