virus.win32.autorun.dq
Hello everyone,
My antivirus detected this virus... which keeps coming back! Despite deleting it with the antivirus...
How do I get rid of it?
System: Vista.
Thank you
Hello,
Where is it located?
Download and install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Hi Angeldark,
I think I managed to delete it... It was present on all my hard drives, including an Archos. From what I saw on various forums, opening a hard drive reinstalled the virus...
Anyway, its location is
virus Virus.Win32.AutoRun.dq Le fichier: F:\AUTORUN.INF
D:\AUTORUN.INF
C:\AUTORUN.INF
I ran the scan again and apparently it is no longer detected...
I'm posting the HijackThis log anyway
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:16, on 2/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gaet\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1.0\r3hook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 4686 bytes
Thanks
Re,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Hi again
Here you go
ComboFix 07-10-04.6 - Gaet 2007-10-04 20:47:22.1 - NTFSx86
Microsoft© Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.2094 [GMT 2:00]
Running from: C:\Users\Gaet\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-04 to 2007-10-04 ))))))))))))))))))))))))))))))))))))
.
2007-10-04 20:46 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-02 22:44 <REP> dr-h----- C:\Users\Gaet\AppData\Roaming\SecuROM
2007-10-02 22:32 621,056 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2007-10-02 22:32 36,864 --a------ C:\Windows\System32\cdd.dll
2007-10-02 22:26 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2007-10-02 22:26 669,184 --a------ C:\Windows\System32\pbsvc.exe
2007-10-02 22:26 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2007-10-02 22:26 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2007-10-02 22:26 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2007-10-02 22:26 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2007-10-02 22:26 22,328 --a------ C:\Users\Gaet\AppData\Roaming\PnkBstrK.sys
2007-10-02 22:26 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2007-10-02 22:26 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2007-09-29 19:40 82,061 --a------ C:\Windows\System32\drivers\klick.dat
2007-09-29 19:40 81,549 --a------ C:\Windows\System32\drivers\klin.dat
2007-09-29 19:39 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2007-09-29 19:39 <REP> d-------- C:\ProgramData\Kaspersky Lab
2007-09-29 19:39 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-09-29 19:38 4,653,856 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2007-09-28 23:51 7,680 --a------ C:\Windows\System32\drivers\ASACPI.sys
2007-09-28 23:51 24,576 -ra------ C:\Windows\System32\AsIO.dll
2007-09-28 23:51 12,664 -ra------ C:\Windows\System32\drivers\AsIO.sys
2007-09-28 23:45 66,560 --------- C:\Windows\System32\CmdRtr.dll
2007-09-28 23:45 103,936 --------- C:\Windows\System32\APOMngr.dll
2007-09-28 23:00 <REP> d-------- C:\Program Files\Navilog1
2007-09-28 22:27 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-09-28 22:27 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-09-28 18:46 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-09-28 18:46 <REP> d-------- C:\NVIDIA
2007-09-26 01:38 <REP> d-------- C:\Users\All Users\GRAW2
2007-09-26 01:38 <REP> d-------- C:\ProgramData\GRAW2
2007-09-26 00:54 <REP> d-------- C:\Windows\System32\AGEIA
2007-09-26 00:54 <REP> d-------- C:\Program Files\AGEIA Technologies
2007-09-26 00:53 <REP> d-------- C:\Users\All Users\Media Center Programs
2007-09-26 00:53 <REP> d-------- C:\ProgramData\Media Center Programs
2007-09-26 00:53 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-26 00:49 <REP> d-------- C:\Program Files\UBISOFT
2007-09-26 00:48 <REP> d-------- C:\Users\Gaet\AppData\Roaming\InstallShield
2007-09-26 00:38 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2007-09-26 00:38 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2007-09-26 00:38 39,936 --a------ C:\Windows\System32\slcinst.dll
2007-09-26 00:38 351,232 --a------ C:\Windows\System32\SLUI.exe
2007-09-26 00:38 33,280 --a------ C:\Windows\System32\slwmi.dll
2007-09-26 00:38 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2007-09-26 00:38 223,232 --a------ C:\Windows\System32\SLC.dll
2007-09-26 00:38 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2007-09-26 00:38 186,368 --a------ C:\Windows\System32\SLLUA.exe
2007-09-25 10:25 <REP> d-------- C:\Users\Gaet\AppData\Roaming\uTorrent
2007-09-25 10:25 <REP> d-------- C:\Program Files\uTorrent
2007-09-24 02:59 <REP> d-------- C:\Users\Gaet\AppData\Roaming\DivX
2007-09-24 00:20 <REP> d-------- C:\Users\Gaet\AppData\Roaming\teamspeak2
2007-09-23 10:55 <REP> d-------- C:\Users\Gaet\AppData\Roaming\eMule
2007-09-23 10:55 <REP> d-------- C:\Program Files\eMule
2007-09-23 10:46 <REP> d-------- C:\Users\All Users\eMule
2007-09-23 10:46 <REP> d-------- C:\ProgramData\eMule
2007-09-22 21:00 <REP> d-------- C:\Users\Gaet\AppData\Roaming\vlc
2007-09-22 13:51 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2007-09-22 12:50 <REP> d-------- C:\Users\Gaet\AppData\Roaming\PeerNetworking
2007-09-22 12:14 536 --a------ C:\Windows\eReg.dat
2007-09-22 12:03 57,344 --a------ C:\Windows\System32\Mfc42loc.dll
2007-09-22 11:56 <REP> d-------- C:\Program Files\EA GAMES
2007-09-22 11:05 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2007-09-22 11:05 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2007-09-21 19:06 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2007-09-21 19:06 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2007-09-21 19:04 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2007-09-21 18:45 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-09-21 18:44 <REP> d-------- C:\Program Files\DivX
2007-09-21 18:34 <REP> d-------- C:\Windows\pss
2007-09-21 18:32 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Skype
2007-09-21 18:26 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2007-09-21 18:24 <REP> d-------- C:\Program Files\BitComet
2007-09-21 18:13 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Ahead
2007-09-21 18:12 <REP> d-------- C:\Program Files\Nero
2007-09-21 18:12 <REP> d-------- C:\Program Files\Common Files\Ahead
2007-09-21 18:05 <REP> d-------- C:\Program Files\Microsoft Works
2007-09-21 18:04 <REP> d-------- C:\Program Files\Microsoft.NET
2007-09-21 18:02 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-21 18:01 <REP> d-------- C:\Windows\SHELLNEW
2007-09-21 18:00 <REP> d-------- C:\Users\All Users\Microsoft Help
2007-09-21 18:00 <REP> d-------- C:\ProgramData\Microsoft Help
2007-09-21 17:56 <REP> dr-h----- C:\MSOCache
2007-09-21 17:32 <REP> d-------- C:\Program Files\CCleaner
2007-09-21 17:30 <REP> d-------- C:\Program Files\ASUS
2007-09-21 17:27 <REP> d-------- C:\Program Files\MSXML 4.0
2007-09-21 17:20 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Apple Computer
2007-09-21 17:20 <REP> d-------- C:\Program Files\Skype
2007-09-21 17:20 <REP> d-------- C:\Program Files\Common Files\Skype
2007-09-21 17:19 <REP> d-------- C:\Users\All Users\Skype
2007-09-21 17:19 <REP> d-------- C:\ProgramData\Skype
2007-09-21 17:17 <REP> d-------- C:\Program Files\QuickTime
2007-09-21 17:16 <REP> d-------- C:\Users\All Users\Apple Computer
2007-09-21 17:16 <REP> d-------- C:\ProgramData\Apple Computer
2007-09-21 17:15 <REP> d-------- C:\Windows\PCHEALTH
2007-09-21 17:15 <REP> d-------- C:\Program Files\MSN Messenger
2007-09-21 17:13 <REP> d-------- C:\Program Files\VideoLAN
2007-09-21 17:13 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-09-21 17:11 0 --a------ C:\Windows\nsreg.dat
2007-09-21 17:11 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Talkback
2007-09-21 17:03 <REP> d-------- C:\Program Files\Alcohol Soft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
See you, and happy analyzing
Thanks again
This one looks more complete
ComboFix 07-10-04.6 - Gaet 2007-10-04 22:15:42.3 - NTFSx86
Microsoft© Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.2175 [GMT 2:00]
Running from: C:\Users\Gaet\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-04 to 2007-10-04 ))))))))))))))))))))))))))))))))))))
.
2007-10-04 20:46 51,200 --a------ C:\Windows\NirCmd.exe
2007-10-02 22:44 <REP> dr-h----- C:\Users\Gaet\AppData\Roaming\SecuROM
2007-10-02 22:32 621,056 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2007-10-02 22:32 36,864 --a------ C:\Windows\System32\cdd.dll
2007-10-02 22:26 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2007-10-02 22:26 669,184 --a------ C:\Windows\System32\pbsvc.exe
2007-10-02 22:26 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2007-10-02 22:26 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2007-10-02 22:26 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2007-10-02 22:26 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2007-10-02 22:26 22,328 --a------ C:\Users\Gaet\AppData\Roaming\PnkBstrK.sys
2007-10-02 22:26 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2007-10-02 22:26 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2007-09-29 19:40 82,061 --a------ C:\Windows\System32\drivers\klick.dat
2007-09-29 19:40 81,549 --a------ C:\Windows\System32\drivers\klin.dat
2007-09-29 19:39 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2007-09-29 19:39 <REP> d-------- C:\ProgramData\Kaspersky Lab
2007-09-29 19:39 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-09-29 19:38 4,666,400 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2007-09-28 23:51 7,680 --a------ C:\Windows\System32\drivers\ASACPI.sys
2007-09-28 23:51 24,576 -ra------ C:\Windows\System32\AsIO.dll
2007-09-28 23:51 12,664 -ra------ C:\Windows\System32\drivers\AsIO.sys
2007-09-28 23:45 66,560 --------- C:\Windows\System32\CmdRtr.dll
2007-09-28 23:45 103,936 --------- C:\Windows\System32\APOMngr.dll
2007-09-28 23:00 <REP> d-------- C:\Program Files\Navilog1
2007-09-28 22:27 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-09-28 22:27 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2007-09-28 18:46 356,352 --a------ C:\Windows\System32\NVUNINST.EXE
2007-09-28 18:46 <REP> d-------- C:\NVIDIA
2007-09-26 01:38 <REP> d-------- C:\Users\All Users\GRAW2
2007-09-26 01:38 <REP> d-------- C:\ProgramData\GRAW2
2007-09-26 00:54 <REP> d-------- C:\Windows\System32\AGEIA
2007-09-26 00:54 <REP> d-------- C:\Program Files\AGEIA Technologies
2007-09-26 00:53 <REP> d-------- C:\Users\All Users\Media Center Programs
2007-09-26 00:53 <REP> d-------- C:\ProgramData\Media Center Programs
2007-09-26 00:53 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-26 00:49 <REP> d-------- C:\Program Files\UBISOFT
2007-09-26 00:48 <REP> d-------- C:\Users\Gaet\AppData\Roaming\InstallShield
2007-09-26 00:38 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2007-09-26 00:38 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2007-09-26 00:38 39,936 --a------ C:\Windows\System32\slcinst.dll
2007-09-26 00:38 351,232 --a------ C:\Windows\System32\SLUI.exe
2007-09-26 00:38 33,280 --a------ C:\Windows\System32\slwmi.dll
2007-09-26 00:38 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2007-09-26 00:38 223,232 --a------ C:\Windows\System32\SLC.dll
2007-09-26 00:38 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2007-09-26 00:38 186,368 --a------ C:\Windows\System32\SLLUA.exe
2007-09-25 10:25 <REP> d-------- C:\Users\Gaet\AppData\Roaming\uTorrent
2007-09-25 10:25 <REP> d-------- C:\Program Files\uTorrent
2007-09-24 02:59 <REP> d-------- C:\Users\Gaet\AppData\Roaming\DivX
2007-09-24 00:20 <REP> d-------- C:\Users\Gaet\AppData\Roaming\teamspeak2
2007-09-23 10:55 <REP> d-------- C:\Users\Gaet\AppData\Roaming\eMule
2007-09-23 10:55 <REP> d-------- C:\Program Files\eMule
2007-09-23 10:46 <REP> d-------- C:\Users\All Users\eMule
2007-09-23 10:46 <REP> d-------- C:\ProgramData\eMule
2007-09-22 21:00 <REP> d-------- C:\Users\Gaet\AppData\Roaming\vlc
2007-09-22 13:51 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2007-09-22 12:50 <REP> d-------- C:\Users\Gaet\AppData\Roaming\PeerNetworking
2007-09-22 12:14 536 --a------ C:\Windows\eReg.dat
2007-09-22 12:03 57,344 --a------ C:\Windows\System32\Mfc42loc.dll
2007-09-22 11:56 <REP> d-------- C:\Program Files\EA GAMES
2007-09-22 11:05 <REP> d-------- C:\Users\All Users\Office Genuine Advantage
2007-09-22 11:05 <REP> d-------- C:\ProgramData\Office Genuine Advantage
2007-09-21 19:06 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2007-09-21 19:06 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2007-09-21 19:04 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2007-09-21 18:45 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-09-21 18:44 <REP> d-------- C:\Program Files\DivX
2007-09-21 18:34 <REP> d-------- C:\Windows\pss
2007-09-21 18:32 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Skype
2007-09-21 18:26 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2007-09-21 18:24 <REP> d-------- C:\Program Files\BitComet
2007-09-21 18:13 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Ahead
2007-09-21 18:12 <REP> d-------- C:\Program Files\Nero
2007-09-21 18:12 <REP> d-------- C:\Program Files\Common Files\Ahead
2007-09-21 18:05 <REP> d-------- C:\Program Files\Microsoft Works
2007-09-21 18:04 <REP> d-------- C:\Program Files\Microsoft.NET
2007-09-21 18:02 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-21 18:01 <REP> d-------- C:\Windows\SHELLNEW
2007-09-21 18:00 <REP> d-------- C:\Users\All Users\Microsoft Help
2007-09-21 18:00 <REP> d-------- C:\ProgramData\Microsoft Help
2007-09-21 17:56 <REP> dr-h----- C:\MSOCache
2007-09-21 17:32 <REP> d-------- C:\Program Files\CCleaner
2007-09-21 17:30 <REP> d-------- C:\Program Files\ASUS
2007-09-21 17:27 <REP> d-------- C:\Program Files\MSXML 4.0
2007-09-21 17:20 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Apple Computer
2007-09-21 17:20 <REP> d-------- C:\Program Files\Skype
2007-09-21 17:20 <REP> d-------- C:\Program Files\Common Files\Skype
2007-09-21 17:19 <REP> d-------- C:\Users\All Users\Skype
2007-09-21 17:19 <REP> d-------- C:\ProgramData\Skype
2007-09-21 17:17 <REP> d-------- C:\Program Files\QuickTime
2007-09-21 17:16 <REP> d-------- C:\Users\All Users\Apple Computer
2007-09-21 17:16 <REP> d-------- C:\ProgramData\Apple Computer
2007-09-21 17:15 <REP> d-------- C:\Windows\PCHEALTH
2007-09-21 17:15 <REP> d-------- C:\Program Files\MSN Messenger
2007-09-21 17:13 <REP> d-------- C:\Program Files\VideoLAN
2007-09-21 17:13 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-09-21 17:11 0 --a------ C:\Windows\nsreg.dat
2007-09-21 17:11 <REP> d-------- C:\Users\Gaet\AppData\Roaming\Talkback
2007-09-21 17:03 <REP> d-------- C:\Program Files\Alcohol Soft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 00:50 65120 --ahs---- C:\Windows\system32\drivers\fidbox.idx
2007-09-21 18:26 802816 --a------ C:\Windows\system32\drivers\tcpip.sys
2007-09-21 18:05 --------- d-------- C:\Program Files\MSBuild
2007-09-21 16:42 174 --ahs---- C:\Program Files\desktop.ini
2007-09-21 16:39 --------- d-------- C:\Program Files\Windows Mail
2007-09-21 16:39 --------- d-------- C:\Program Files\Windows Defender
2007-09-21 16:39 --------- d-------- C:\Program Files\Windows Calendar
2007-09-21 16:35 8192 --a------ C:\Windows\System32\riched32.dll
2007-09-21 16:35 77824 --a------ C:\Windows\System32\rascfg.dll
2007-09-21 16:35 70144 --a------ C:\Windows\system32\drivers\pacer.sys
2007-09-21 16:35 694784 --a------ C:\Windows\System32\localspl.dll
2007-09-21 16:35 61952 --a------ C:\Windows\system32\drivers\wanarp.sys
2007-09-21 16:35 52736 --a------ C:\Windows\System32\rasdiag.dll
2007-09-21 16:35 48640 --a------ C:\Windows\system32\drivers\ndproxy.sys
2007-09-21 16:35 384000 --a------ C:\Windows\System32\netcfgx.dll
2007-09-21 16:35 33280 --a------ C:\Windows\System32\traffic.dll
2007-09-21 16:35 32768 --a------ C:\Windows\System32\rasmxs.dll
2007-09-21 16:35 286208 --a------ C:\Windows\System32\ipnathlp.dll
2007-09-21 16:35 22016 --a------ C:\Windows\System32\rasser.dll
2007-09-21 16:35 20480 --a------ C:\Windows\system32\drivers\ndistapi.sys
2007-09-21 16:35 15360 --a------ C:\Windows\System32\pacerprf.dll
2007-09-21 16:35 13824 --a------ C:\Windows\System32\wshqos.dll
2007-09-21 16:35 13824 --a------ C:\Windows\System32\icsunattend.exe
2007-09-21 16:35 134656 --a------ C:\Windows\System32\dps.dll
2007-09-21 16:31 86016 --a------ C:\Windows\System32\icfupgd.dll
2007-09-21 16:31 63488 --a------ C:\Windows\system32\drivers\mpsdrv.sys
2007-09-21 16:31 61952 --a------ C:\Windows\System32\cmifw.dll
2007-09-21 16:31 414208 --a------ C:\Windows\System32\msscp.dll
2007-09-21 16:31 396800 --a------ C:\Windows\System32\MPSSVC.dll
2007-09-21 16:31 392192 --a------ C:\Windows\System32\FirewallAPI.dll
2007-09-21 16:31 374456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-09-21 16:31 23040 --a------ C:\Windows\system32\drivers\tunnel.sys
2007-09-21 16:31 178688 --a------ C:\Windows\System32\iphlpsvc.dll
2007-09-21 16:31 16896 --a------ C:\Windows\System32\wfapigp.dll
2007-09-21 16:31 15360 --a------ C:\Windows\system32\drivers\TUNMP.SYS
2007-09-21 16:28 537600 --a------ C:\Windows\AppPatch\AcLayers.dll
2007-09-21 16:28 449536 --a------ C:\Windows\AppPatch\AcSpecfc.dll
2007-09-21 16:28 2144256 --a------ C:\Windows\AppPatch\AcGenral.dll
2007-09-21 16:28 173056 --a------ C:\Windows\AppPatch\AcXtrnal.dll
2007-09-21 16:26 88576 --a------ C:\Windows\System32\avifil32.dll
2007-09-21 16:26 82944 --a------ C:\Windows\System32\mciavi32.dll
2007-09-21 16:26 8138240 --a------ C:\Windows\System32\ssBranded.scr
2007-09-21 16:26 712192 --a------ C:\Windows\System32\WindowsCodecs.dll
2007-09-21 16:26 704000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2007-09-21 16:26 69632 --a------ C:\Windows\System32\sendmail.dll
2007-09-21 16:26 65024 --a------ C:\Windows\System32\avicap32.dll
2007-09-21 16:26 61440 --a------ C:\Windows\System32\ntprint.exe
2007-09-21 16:26 3504824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-09-21 16:26 3470008 --a------ C:\Windows\System32\ntoskrnl.exe
2007-09-21 16:26 31232 --a------ C:\Windows\System32\msvidc32.dll
2007-09-21 16:26 269824 --a------ C:\Windows\System32\schannel.dll
2007-09-21 16:26 220160 --a------ C:\Windows\System32\ntprint.dll
2007-09-21 16:26 1984512 --a------ C:\Windows\System32\authui.dll
2007-09-21 16:26 12800 --a------ C:\Windows\System32\msrle32.dll
2007-09-21 16:26 123904 --a------ C:\Windows\System32\msvfw32.dll
2007-09-21 16:26 120320 --a------ C:\Windows\System32\dhcpcsvc6.dll
2007-09-21 16:26 10240 --a------ C:\Windows\System32\dhcpcmonitor.dll
2007-09-21 16:25 56320 --a------ C:\Windows\System32\iesetup.dll
2007-09-21 16:25 52736 --a------ C:\Windows\AppPatch\iebrshim.dll
2007-09-21 16:25 26624 --a------ C:\Windows\System32\ieUnatt.exe
2007-09-21 16:06 --------- d--hs---l C:\ProgramData\Favoris
2007-09-21 16:06 --------- d--hs---l C:\ProgramData\Bureau
2007-09-21 16:06 --------- d--hs---l C:\Program Files\Fichiers communs
2007-09-11 22:28 86016 --a------ C:\Windows\System32\nvsvc.dll
2007-09-11 22:28 8497696 --a------ C:\Windows\System32\nvcpl.dll
2007-09-11 22:28 81920 --a------ C:\Windows\System32\nvmctray.dll
2007-09-11 22:28 7623968 --a------ C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-11 22:28 753664 --a------ C:\Windows\System32\nvcplui.exe
2007-09-11 22:28 6942720 --a------ C:\Windows\System32\nvoglv32.dll
2007-09-11 22:28 6344704 --a------ C:\Windows\System32\nvdisps.dll
2007-09-11 22:28 5509120 --a------ C:\Windows\System32\nvdispsr.dll
2007-09-11 22:28 4988928 --a------ C:\Windows\System32\nvd3dum.dll
2007-09-11 22:28 458752 --a------ C:\Windows\System32\nvmccssr.dll
2007-09-11 22:28 45056 --a------ C:\Windows\System32\nvmccsrs.dll
2007-09-11 22:28 36864 --a------ C:\Windows\System32\nvcod100.dll
2007-09-11 22:28 36864 --a------ C:\Windows\System32\nvcod.dll
2007-09-11 22:28 364544 --a------ C:\Windows\System32\nvapi.dll
2007-09-11 22:28 3629056 --a------ C:\Windows\System32\nvvitvsr.dll
2007-09-11 22:28 356352 --a------ C:\Windows\System32\nvudisp.exe
2007-09-11 22:28 3551232 --a------ C:\Windows\System32\nvvitvs.dll
2007-09-11 22:28 3334144 --a------ C:\Windows\System32\nvgames.dll
2007-09-11 22:28 3166208 --a------ C:\Windows\System32\nvgamesr.dll
2007-09-11 22:28 307200 --a------ C:\Windows\System32\nvexpbar.dll
2007-09-11 22:28 2854912 --a------ C:\Windows\System32\nvmoblsr.dll
2007-09-11 22:28 2441216 --a------ C:\Windows\System32\nvwssr.dll
2007-09-11 22:28 2371584 --a------ C:\Windows\System32\nvwss.dll
2007-09-11 22:28 229376 --a------ C:\Windows\System32\nvmccs.dll
2007-09-11 22:28 188416 --a------ C:\Windows\System32\nvmccss.dll
2007-09-11 22:28 1521664 --a------ C:\Windows\System32\nvwgf2um.dll
2007-09-11 22:28 147456 --a------ C:\Windows\System32\nvcolor.exe
2007-09-11 22:28 1150976 --a------ C:\Windows\System32\nvmobls.dll
2007-09-11 22:28 1073152 --a------ C:\Windows\System32\nvcpluir.dll
2007-08-21 02:26 81920 --a------ C:\Windows\System32\dpl100.dll
2007-08-21 02:26 196608 --a------ C:\Windows\System32\dtu100.dll
2007-08-16 00:33 524288 --a------ C:\Windows\System32\DivXsm.exe
2007-08-16 00:33 3596288 --a------ C:\Windows\System32\qt-dx331.dll
2007-08-16 00:33 200704 --a------ C:\Windows\System32\ssldivx.dll
2007-08-16 00:33 1044480 --a------ C:\Windows\System32\libdivx.dll
2007-08-16 00:31 593920 --a------ C:\Windows\System32\dpuGUI11.dll
2007-08-16 00:31 57344 --a------ C:\Windows\System32\dpv11.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-21 16:33]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45]
"CTHelper"="CTHELPER.EXE" [2007-02-12 19:47 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19:47 C:\Windows\System32\Ctxfihlp.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-26 16:53]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~2\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys
R0 msisadrv;Pilote de classe ISA/EISA;C:\Windows\system32\drivers\msisadrv.sys
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys
R0 volmgr;Pilote du Gestionnaire de volume;C:\Windows\system32\drivers\volmgr.sys
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys
R1 Smb;Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB);C:\Windows\system32\DRIVERS\smb.sys
R1 tdx;Pilote de prise en charge TDI héritée NetIO;C:\Windows\system32\DRIVERS\tdx.sys
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys
R2 AeLookupSvc;Expérience d’application;C:\Windows\system32\svchost.exe -k netsvcs
R2 AudioEndpointBuilder;Générateur de points de terminaison du service Audio Windows;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 BFE;Moteur de filtrage de base;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 DPS;Service de stratégie de diagnostic;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
R2 FDResPub;Publication des ressources de découverte de fonctions;C:\Windows\system32\svchost.exe -k LocalService
R2 gpsvc;Client de stratégie de groupe;C:\Windows\system32\svchost.exe -k netsvcs
R2 IKEEXT;Modules de génération de clés IKE et AuthIP;C:\Windows\system32\svchost.exe -k netsvcs
R2 iphlpsvc;Assistance IP;C:\Windows\System32\svchost.exe -k NetSvcs
R2 KtmRm;Service KtmRm pour Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys
R2 MMCSS;Planificateur de classes multimédias;C:\Windows\system32\svchost.exe -k netsvcs
R2 MpsSvc;Pare-feu Windows;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 netprofm;Service Liste des réseaux;C:\Windows\System32\svchost.exe -k LocalService
R2 NlaSvc;Connaissance des emplacements réseau;C:\Windows\System32\svchost.exe -k NetworkService
R2 nsi;Service Interface du magasin réseau;C:\Windows\system32\svchost.exe -k LocalService
R2 PcaSvc;Service de l’Assistant Compatibilité des programmes;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys
R2 ProfSvc;Service de profil utilisateur;C:\Windows\system32\svchost.exe -k netsvcs
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 TabletInputService;Service Panneau de saisie Tablet PC;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys
R2 UxSms;Gestionnaire de sessions du Gestionnaire de fenêtrage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 WerSvc;Service de rapport d'erreurs Windows;C:\Windows\System32\svchost.exe -k WerSvcGroup
R2 WPDBusEnum;Service Énumérateur d’appareil mobile;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 Appinfo;Informations d'application;C:\Windows\system32\svchost.exe -k netsvcs
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys
R3 iScsiPrt;Pilote iScsiPort;C:\Windows\system32\DRIVERS\msiscsi.sys
R3 monitor;Service Pilote de fonction de classe Moniteur Microsoft;C:\Windows\system32\DRIVERS\monitor.sys
R3 mpsdrv;Pilote d’autorisation du Pare-feu Windows;C:\Windows\system32\drivers\mpsdrv.sys
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Pilote Realtek 8169 NT;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys
R3 tunnel;Pilote de carte miniport Microsoft IPv6 Tunnel;C:\Windows\system32\DRIVERS\tunnel.sys
R3 umbus;Pilote d’énumérateur UMBus;C:\Windows\system32\DRIVERS\umbus.sys
R3 WdiSystemHost;Hôte système de diagnostics;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
S2 EMDMgmt;Service ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S2 slsvc;Licence du logiciel;C:\Windows\system32\SLsvc.exe
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys
S3 CertPropSvc;Propagation du certificat;C:\Windows\system32\svchost.exe -k netsvcs
S3 DFSR;Réplication DFS;C:\Windows\system32\DFSR.exe
S3 dot3svc;Configuration automatique de réseau câblé;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys
S3 EapHost;Protocole EAP (Extensible Authentication Protocol);C:\Windows\System32\svchost.exe -k netsvcs
S3 fdPHost;Hôte du fournisseur de découverte de fonctions;C:\Windows\system32\svchost.exe -k LocalService
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys
S3 hkmsvc;Gestion des clés et des certificats d'intégrité;C:\Windows\System32\svchost.exe -k netsvcs
S3 IPBusEnum;Énumérateur de bus IP PnP-X;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 KeyIso;Isolation de clé CNG;C:\Windows\system32\lsass.exe
S3 lltdsvc;Mappage de découverte de topologie de la couche de liaison;C:\Windows\System32\svchost.exe -k LocalService
S3 MSiSCSI;Service Initiateur iSCSI de Microsoft;C:\Windows\system32\svchost.exe -k netsvcs
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys
S3 napagent;Agent de protection d’accès réseau;C:\Windows\System32\svchost.exe -k NetworkService
S3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 p2psvc;Groupement de mise en réseau de pairs;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 pla;Journaux & alertes de performance;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
S3 PNRPAutoReg;Service de publication des noms d’ordinateurs PNRP;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 PNRPsvc;Protocole de résolution de noms d'homologues;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 QWAVE;Expérience audio-vidéo haute qualité Windows;C:\Windows\system32\svchost.exe -k LocalService
S3 QWAVEdrv;Pilote QWAVE;C:\Windows\system32\drivers\qwavedrv.sys
S3 SCPolicySvc;Stratégie de retrait de la carte à puce;C:\Windows\system32\svchost.exe -k netsvcs
S3 SDRSVC;Sauvegarde Windows;C:\Windows\system32\svchost.exe -k SDRSVC
S3 SessionEnv;Configuration des services Terminal Server;C:\Windows\System32\svchost.exe -k netsvcs
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys
S3 SLUINotify;Service de notification de l’interface utilisateur SL;C:\Windows\system32\svchost.exe -k LocalService
S3 TBS;Services de base de module de plateforme sécurisée;C:\Windows\System32\svchost.exe -k LocalService
S3 THREADORDER;Serveur de priorités des threads;C:\Windows\system32\svchost.exe -k LocalService
S3 TrustedInstaller;Programme d’installation de modules Windows;C:\Windows\servicing\TrustedInstaller.exe
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys
S3 UI0Detect;Détection de services interactifs;C:\Windows\system32\UI0Detect.exe
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys
S3 wcncsvc;Windows Connect Now - Registre de configuration;C:\Windows\System32\svchost.exe -k LocalService
S3 WcsPlugInService;Système de couleurs Windows;C:\Windows\system32\svchost.exe -k wcssvc
S3 WdiServiceHost;Service hôte WDIServiceHost;C:\Windows\System32\svchost.exe -k wdisvc
S3 Wecsvc;Collecteur d'événements de Windows;C:\Windows\system32\svchost.exe -k NetworkService
S3 wercplsupport;Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration;C:\Windows\System32\svchost.exe -k netsvcs
S3 WinHttpAutoProxySvc;Service de découverte automatique de Proxy Web pour les services HTTP Windows;C:\Windows\system32\svchost.exe -k LocalService
S3 WinRM;Gestion à distance de Windows (Gestion WSM);C:\Windows\System32\svchost.exe -k NetworkService
S3 Wlansvc;Service de configuration automatique WLAN;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 WPCSvc;Contrôle parental;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys
S4 arc;arc;C:\Windows\system32\drivers\arc.sys
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
NetworkServiceNetworkRestricted PolicyAgent
LocalServiceNoNetwork PLA DPS BFE mpssvc
NetworkService CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup wersvc
swprv swprv
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc RemoteRegistry
wcssvc WcsPlugInService
DcomLaunch PlugPlay DcomLaunch
wdisvc WdiServiceHost
sdrsvc sdrsvc
secsvcs WinDefend
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50111dd-6853-11dc-84d8-001a9250005f}]
AutoRun\command- G:\Autorun.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 22:17:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-04 22:18:34
C:\ComboFix2.txt ... 2007-10-04 20:50
.
--- E O F ---
2007-09-21 16:35 61952 --a------ C:\Windows\system32\drivers\wanarp.sys
2007-09-21 16:35 52736 --a------ C:\Windows\System32\rasdiag.dll
2007-09-21 16:35 48640 --a------ C:\Windows\system32\drivers\ndproxy.sys
2007-09-21 16:35 384000 --a------ C:\Windows\System32\netcfgx.dll
2007-09-21 16:35 33280 --a------ C:\Windows\System32\traffic.dll
2007-09-21 16:35 32768 --a------ C:\Windows\System32\rasmxs.dll
2007-09-21 16:35 286208 --a------ C:\Windows\System32\ipnathlp.dll
2007-09-21 16:35 22016 --a------ C:\Windows\System32\rasser.dll
2007-09-21 16:35 20480 --a------ C:\Windows\system32\drivers\ndistapi.sys
2007-09-21 16:35 15360 --a------ C:\Windows\System32\pacerprf.dll
2007-09-21 16:35 13824 --a------ C:\Windows\System32\wshqos.dll
2007-09-21 16:35 13824 --a------ C:\Windows\System32\icsunattend.exe
2007-09-21 16:35 134656 --a------ C:\Windows\System32\dps.dll
2007-09-21 16:31 86016 --a------ C:\Windows\System32\icfupgd.dll
2007-09-21 16:31 63488 --a------ C:\Windows\system32\drivers\mpsdrv.sys
2007-09-21 16:31 61952 --a------ C:\Windows\System32\cmifw.dll
2007-09-21 16:31 414208 --a------ C:\Windows\System32\msscp.dll
2007-09-21 16:31 396800 --a------ C:\Windows\System32\MPSSVC.dll
2007-09-21 16:31 392192 --a------ C:\Windows\System32\FirewallAPI.dll
2007-09-21 16:31 374456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-09-21 16:31 23040 --a------ C:\Windows\system32\drivers\tunnel.sys
2007-09-21 16:31 178688 --a------ C:\Windows\System32\iphlpsvc.dll
2007-09-21 16:31 16896 --a------ C:\Windows\System32\wfapigp.dll
2007-09-21 16:31 15360 --a------ C:\Windows\system32\drivers\TUNMP.SYS
2007-09-21 16:28 537600 --a------ C:\Windows\AppPatch\AcLayers.dll
2007-09-21 16:28 449536 --a------ C:\Windows\AppPatch\AcSpecfc.dll
2007-09-21 16:28 2144256 --a------ C:\Windows\AppPatch\AcGenral.dll
2007-09-21 16:28 173056 --a------ C:\Windows\AppPatch\AcXtrnal.dll
2007-09-21 16:26 88576 --a------ C:\Windows\System32\avifil32.dll
2007-09-21 16:26 82944 --a------ C:\Windows\System32\mciavi32.dll
2007-09-21 16:26 8138240 --a------ C:\Windows\System32\ssBranded.scr
2007-09-21 16:26 712192 --a------ C:\Windows\System32\WindowsCodecs.dll
2007-09-21 16:26 704000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2007-09-21 16:26 69632 --a------ C:\Windows\System32\sendmail.dll
2007-09-21 16:26 65024 --a------ C:\Windows\System32\avicap32.dll
2007-09-21 16:26 61440 --a------ C:\Windows\System32\ntprint.exe
2007-09-21 16:26 3504824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-09-21 16:26 3470008 --a------ C:\Windows\System32\ntoskrnl.exe
2007-09-21 16:26 31232 --a------ C:\Windows\System32\msvidc32.dll
2007-09-21 16:26 269824 --a------ C:\Windows\System32\schannel.dll
2007-09-21 16:26 220160 --a------ C:\Windows\System32\ntprint.dll
2007-09-21 16:26 1984512 --a------ C:\Windows\System32\authui.dll
2007-09-21 16:26 12800 --a------ C:\Windows\System32\msrle32.dll
2007-09-21 16:26 123904 --a------ C:\Windows\System32\msvfw32.dll
2007-09-21 16:26 120320 --a------ C:\Windows\System32\dhcpcsvc6.dll
2007-09-21 16:26 10240 --a------ C:\Windows\System32\dhcpcmonitor.dll
2007-09-21 16:25 56320 --a------ C:\Windows\System32\iesetup.dll
2007-09-21 16:25 52736 --a------ C:\Windows\AppPatch\iebrshim.dll
2007-09-21 16:25 26624 --a------ C:\Windows\System32\ieUnatt.exe
2007-09-21 16:06 --------- d--hs---l C:\ProgramData\Favoris
2007-09-21 16:06 --------- d--hs---l C:\ProgramData\Bureau
2007-09-21 16:06 --------- d--hs---l C:\Program Files\Fichiers communs
2007-09-11 22:28 86016 --a------ C:\Windows\System32\nvsvc.dll
2007-09-11 22:28 8497696 --a------ C:\Windows\System32\nvcpl.dll
2007-09-11 22:28 81920 --a------ C:\Windows\System32\nvmctray.dll
2007-09-11 22:28 7623968 --a------ C:\Windows\system32\drivers\nvlddmkm.sys
2007-09-11 22:28 753664 --a------ C:\Windows\System32\nvcplui.exe
2007-09-11 22:28 6942720 --a------ C:\Windows\System32\nvoglv32.dll
2007-09-11 22:28 6344704 --a------ C:\Windows\System32\nvdisps.dll
2007-09-11 22:28 5509120 --a------ C:\Windows\System32\nvdispsr.dll
2007-09-11 22:28 4988928 --a------ C:\Windows\System32\nvd3dum.dll
2007-09-11 22:28 458752 --a------ C:\Windows\System32\nvmccssr.dll
2007-09-11 22:28 45056 --a------ C:\Windows\System32\nvmccsrs.dll
2007-09-11 22:28 36864 --a------ C:\Windows\System32\nvcod100.dll
2007-09-11 22:28 36864 --a------ C:\Windows\System32\nvcod.dll
2007-09-11 22:28 364544 --a------ C:\Windows\System32\nvapi.dll
2007-09-11 22:28 3629056 --a------ C:\Windows\System32\nvvitvsr.dll
2007-09-11 22:28 356352 --a------ C:\Windows\System32\nvudisp.exe
2007-09-11 22:28 3551232 --a------ C:\Windows\System32\nvvitvs.dll
2007-09-11 22:28 3334144 --a------ C:\Windows\System32\nvgames.dll
2007-09-11 22:28 3166208 --a------ C:\Windows\System32\nvgamesr.dll
2007-09-11 22:28 307200 --a------ C:\Windows\System32\nvexpbar.dll
2007-09-11 22:28 2854912 --a------ C:\Windows\System32\nvmoblsr.dll
2007-09-11 22:28 2441216 --a------ C:\Windows\System32\nvwssr.dll
2007-09-11 22:28 2371584 --a------ C:\Windows\System32\nvwss.dll
2007-09-11 22:28 229376 --a------ C:\Windows\System32\nvmccs.dll
2007-09-11 22:28 188416 --a------ C:\Windows\System32\nvmccss.dll
2007-09-11 22:28 1521664 --a------ C:\Windows\System32\nvwgf2um.dll
2007-09-11 22:28 147456 --a------ C:\Windows\System32\nvcolor.exe
2007-09-11 22:28 1150976 --a------ C:\Windows\System32\nvmobls.dll
2007-09-11 22:28 1073152 --a------ C:\Windows\System32\nvcpluir.dll
2007-08-21 02:26 81920 --a------ C:\Windows\System32\dpl100.dll
2007-08-21 02:26 196608 --a------ C:\Windows\System32\dtu100.dll
2007-08-16 00:33 524288 --a------ C:\Windows\System32\DivXsm.exe
2007-08-16 00:33 3596288 --a------ C:\Windows\System32\qt-dx331.dll
2007-08-16 00:33 200704 --a------ C:\Windows\System32\ssldivx.dll
2007-08-16 00:33 1044480 --a------ C:\Windows\System32\libdivx.dll
2007-08-16 00:31 593920 --a------ C:\Windows\System32\dpuGUI11.dll
2007-08-16 00:31 57344 --a------ C:\Windows\System32\dpv11.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-21 16:33]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45]
"CTHelper"="CTHELPER.EXE" [2007-02-12 19:47 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19:47 C:\Windows\System32\Ctxfihlp.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-26 16:53]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DevconDefaultDB"=C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~2\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys
R0 crcdisk;Crcdisk Filter Driver;C:\Windows\system32\drivers\crcdisk.sys
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys
R0 msisadrv;Pilote de classe ISA/EISA;C:\Windows\system32\drivers\msisadrv.sys
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys
R0 volmgr;Pilote du Gestionnaire de volume;C:\Windows\system32\drivers\volmgr.sys
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys
R1 Smb;Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB);C:\Windows\system32\DRIVERS\smb.sys
R1 tdx;Pilote de prise en charge TDI héritée NetIO;C:\Windows\system32\DRIVERS\tdx.sys
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys
R2 AeLookupSvc;Expérience d’application;C:\Windows\system32\svchost.exe -k netsvcs
R2 AudioEndpointBuilder;Générateur de points de terminaison du service Audio Windows;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 BFE;Moteur de filtrage de base;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 DPS;Service de stratégie de diagnostic;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
R2 FDResPub;Publication des ressources de découverte de fonctions;C:\Windows\system32\svchost.exe -k LocalService
R2 gpsvc;Client de stratégie de groupe;C:\Windows\system32\svchost.exe -k netsvcs
R2 IKEEXT;Modules de génération de clés IKE et AuthIP;C:\Windows\system32\svchost.exe -k netsvcs
R2 iphlpsvc;Assistance IP;C:\Windows\System32\svchost.exe -k NetSvcs
R2 KtmRm;Service KtmRm pour Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkService
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys
R2 MMCSS;Planificateur de classes multimédias;C:\Windows\system32\svchost.exe -k netsvcs
R2 MpsSvc;Pare-feu Windows;C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
R2 netprofm;Service Liste des réseaux;C:\Windows\System32\svchost.exe -k LocalService
R2 NlaSvc;Connaissance des emplacements réseau;C:\Windows\System32\svchost.exe -k NetworkService
R2 nsi;Service Interface du magasin réseau;C:\Windows\system32\svchost.exe -k LocalService
R2 PcaSvc;Service de l’Assistant Compatibilité des programmes;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys
R2 ProfSvc;Service de profil utilisateur;C:\Windows\system32\svchost.exe -k netsvcs
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 TabletInputService;Service Panneau de saisie Tablet PC;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys
R2 UxSms;Gestionnaire de sessions du Gestionnaire de fenêtrage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 WerSvc;Service de rapport d'erreurs Windows;C:\Windows\System32\svchost.exe -k WerSvcGroup
R2 WPDBusEnum;Service Énumérateur d’appareil mobile;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 Appinfo;Informations d'application;C:\Windows\system32\svchost.exe -k netsvcs
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys
R3 iScsiPrt;Pilote iScsiPort;C:\Windows\system32\DRIVERS\msiscsi.sys
R3 monitor;Service Pilote de fonction de classe Moniteur Microsoft;C:\Windows\system32\DRIVERS\monitor.sys
R3 mpsdrv;Pilote d’autorisation du Pare-feu Windows;C:\Windows\system32\drivers\mpsdrv.sys
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
R3 RTL8169;Pilote Realtek 8169 NT;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys
R3 tunnel;Pilote de carte miniport Microsoft IPv6 Tunnel;C:\Windows\system32\DRIVERS\tunnel.sys
R3 umbus;Pilote d’énumérateur UMBus;C:\Windows\system32\DRIVERS\umbus.sys
R3 WdiSystemHost;Hôte système de diagnostics;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
S2 EMDMgmt;Service ReadyBoost;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S2 slsvc;Licence du logiciel;C:\Windows\system32\SLsvc.exe
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys
S3 CertPropSvc;Propagation du certificat;C:\Windows\system32\svchost.exe -k netsvcs
S3 DFSR;Réplication DFS;C:\Windows\system32\DFSR.exe
S3 dot3svc;Configuration automatique de réseau câblé;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys
S3 EapHost;Protocole EAP (Extensible Authentication Protocol);C:\Windows\System32\svchost.exe -k netsvcs
S3 fdPHost;Hôte du fournisseur de découverte de fonctions;C:\Windows\system32\svchost.exe -k LocalService
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys
S3 hkmsvc;Gestion des clés et des certificats d'intégrité;C:\Windows\System32\svchost.exe -k netsvcs
S3 IPBusEnum;Énumérateur de bus IP PnP-X;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 KeyIso;Isolation de clé CNG;C:\Windows\system32\lsass.exe
S3 lltdsvc;Mappage de découverte de topologie de la couche de liaison;C:\Windows\System32\svchost.exe -k LocalService
S3 MSiSCSI;Service Initiateur iSCSI de Microsoft;C:\Windows\system32\svchost.exe -k netsvcs
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys
S3 napagent;Agent de protection d’accès réseau;C:\Windows\System32\svchost.exe -k NetworkService
S3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 p2psvc;Groupement de mise en réseau de pairs;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 pla;Journaux & alertes de performance;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
S3 PNRPAutoReg;Service de publication des noms d’ordinateurs PNRP;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 PNRPsvc;Protocole de résolution de noms d'homologues;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 QWAVE;Expérience audio-vidéo haute qualité Windows;C:\Windows\system32\svchost.exe -k LocalService
S3 QWAVEdrv;Pilote QWAVE;C:\Windows\system32\drivers\qwavedrv.sys
S3 SCPolicySvc;Stratégie de retrait de la carte à puce;C:\Windows\system32\svchost.exe -k netsvcs
S3 SDRSVC;Sauvegarde Windows;C:\Windows\system32\svchost.exe -k SDRSVC
S3 SessionEnv;Configuration des services Terminal Server;C:\Windows\System32\svchost.exe -k netsvcs
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys
S3 SLUINotify;Service de notification de l’interface utilisateur SL;C:\Windows\system32\svchost.exe -k LocalService
S3 TBS;Services de base de module de plateforme sécurisée;C:\Windows\System32\svchost.exe -k LocalService
S3 THREADORDER;Serveur de priorités des threads;C:\Windows\system32\svchost.exe -k LocalService
S3 TrustedInstaller;Programme d’installation de modules Windows;C:\Windows\servicing\TrustedInstaller.exe
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys
S3 UI0Detect;Détection de services interactifs;C:\Windows\system32\UI0Detect.exe
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS
S3 vga;vga;C:\Windows\system32\DRIVERS\vgapnp.sys
S3 wcncsvc;Windows Connect Now - Registre de configuration;C:\Windows\System32\svchost.exe -k LocalService
S3 WcsPlugInService;Système de couleurs Windows;C:\Windows\system32\svchost.exe -k wcssvc
S3 WdiServiceHost;Service hôte WDIServiceHost;C:\Windows\System32\svchost.exe -k wdisvc
S3 Wecsvc;Collecteur d'événements de Windows;C:\Windows\system32\svchost.exe -k NetworkService
S3 wercplsupport;Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration;C:\Windows\System32\svchost.exe -k netsvcs
S3 WinHttpAutoProxySvc;Service de découverte automatique de Proxy Web pour les services HTTP Windows;C:\Windows\system32\svchost.exe -k LocalService
S3 WinRM;Gestion à distance de Windows (Gestion WSM);C:\Windows\System32\svchost.exe -k NetworkService
S3 Wlansvc;Service de configuration automatique WLAN;C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 WPCSvc;Contrôle parental;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys
S4 amdide;amdide;C:\Windows\system32\drivers\amdide.sys
S4 arc;arc;C:\Windows\system32\drivers\arc.sys
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys
S4 iirsp;iirsp;C:\Windows\system32\drivers\iirsp.sys
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys
S4 SiSRaid2;SiSRaid2;C:\Windows\system32\drivers\sisraid2.sys
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
NetworkServiceNetworkRestricted PolicyAgent
LocalServiceNoNetwork PLA DPS BFE mpssvc
NetworkService CryptSvc DHCP TermService KtmRm DNSCache NapAgent nlasvc WinRM WECSVC Tapisrv
WerSvcGroup wersvc
swprv swprv
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc WPCSvc PnrpAutoReg
regsvc RemoteRegistry
wcssvc WcsPlugInService
DcomLaunch PlugPlay DcomLaunch
wdisvc WdiServiceHost
sdrsvc sdrsvc
secsvcs WinDefend
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50111dd-6853-11dc-84d8-001a9250005f}]
AutoRun\command- G:\Autorun.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 22:17:26
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-04 22:18:34
C:\ComboFix2.txt ... 2007-10-04 20:50
.
--- E O F ---
Here's the little one
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19, on 2007-10-06
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\system32\conime.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Gaet\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /PSCONV={NO} /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1.0\r3hook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
--
End of file - 4182 bytes
++