"your privacy is in danger"
Hello everyone, first of all thank you all for the help you give defenceless beginners.
I've noticed that this problem affects a lot of Internet users, and none of the topics already covering it were able to help me, so here is what happened:
At first, a blue wallpaper with "spyware infection blah blah..." and an XP Antivirus 2008 window that kept opening.
I'm a beginner but not an idiot, so I used CCleaner, Adware, Kaspersky, then did a Windows repair.
Everything runs normally except for this red wallpaper "your privacy is in danger", which is a link to a website. Also, it's impossible to change anything on the desktop: right-click / Properties only shows the General tab, with the wallpaper's URL not found.
I noticed that a report was needed, so I produced one with HijackThis, and here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:20, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Wroblevski\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: bgrqfetx - {04B2B073-361D-420E-B5A5-78C4B926E39A} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: tfnslopk - {0EAED4DD-FCD3-4BAC-9CA8-211625371A34} - C:\WINDOWS\tfnslopk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 5943 bytes
thank you
and here is the SmitFraudFix report
SmitFraudFix v2.333
Report made at 14:13:52.96, 06.08.2008
Run from C:\Documents and Settings\Wroblevski\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wroblevski
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Wroblevski\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WROBLE~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the following keys are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
[!] Suspicious: bgrqfetx.dll
Toolbar: bgrqfetx - {04B2B073-361D-420E-B5A5-78C4B926E39A}
TypeLib: {EA91BBFE-28A8-4EC4-9D26-2EDC083D8A2F}
Interface: {E6783AEA-8858-4163-A13F-80B6C2A8F3C0}
Class: bgrqfetx.bdqa
Class: bgrqfetx.ToolBar.1
[!] Suspicious: tfnslopk.dll
SSODL: tfnslopk - {0EAED4DD-FCD3-4BAC-9CA8-211625371A34}
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the following keys are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 80.83.47.198
DNS Server Search Order: 80.83.47.11
DNS Server Search Order: 80.83.47.157
DNS Server Search Order: 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check
»»»»»»»»»»»»»»»»»»»»»»»» End
PS: another symptom has appeared: an Internet window opens with that XP Antivirus 2008 again
Hello,
Restart in Safe Mode.
Run SmitfraudFix.exe and this time choose Option 2, and answer yes to the question(s).
Save the report to your Desktop.
Restart normally.
Post the report generated by SmitfraudFix as well as a new HijackThis log.
***
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: you must be logged on with Administrator rights.
Note: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
Note: if you take too long, the Abort answer will be selected automatically
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (look at the taskbar)
If this is a further run of DSS:
main.txt <- opened in the foreground, full screen
What DSS does:
here is the smitfraudfix.exe report in safe mode:
SmitFraudFix v2.333
Report made at 14:54:48.03, 06.08.2008
Run from C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
File system type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 80.83.47.198
DNS Server Search Order: 80.83.47.11
DNS Server Search Order: 80.83.47.157
DNS Server Search Order: 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry cleanup
Cleanup complete.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
And the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:44, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wroblevski\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 5745 bytes
I'm starting to download Deckard's System Scanner
thanks again
SmitFraudFix v2.333
Rapport fait à 14:54:48.03, 06.08.2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.83.47.198
DNS Server Search Order: 80.83.47.11
DNS Server Search Order: 80.83.47.157
DNS Server Search Order: 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AF08F250-6E3D-41AC-BB2D-AB14A8214F01}: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.83.47.198 80.83.47.11 80.83.47.157 80.83.47.10
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
And the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:44, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wroblevski\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 5745 bytes
Here is the main.txt:
Deckard's System Scanner v20071014.68
Run by Wroblevski on 2008-08-06 15:03:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-08-06 13:03:39 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-08-06 11:36:36 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Wroblevski.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:41, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wroblevski\Bureau\dss.exe
C:\DOCUME~1\WROBLE~1\Bureau\Wroblevski.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 5657 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 cmuda3 (C-Media PCI Audio Interface) - c:\windows\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 iPod Service (Service de l'iPod) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur audio multimédia
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01991028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Contrôleur audio multimédia
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01991028&REV_03\3&172E68DD&0&F2
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-08-04 22:00:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-07-06 and 2008-08-06 -----------------------------
2008-08-06 15:00:57 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-06 14:58:22 0 d-------- C:\WINDOWS\LastGood
2008-08-06 14:13:57 2166 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-06 14:13:24 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-06 14:13:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-06 14:13:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-06 14:13:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-06 14:13:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-06 14:13:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-06 14:13:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-06 14:13:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-06 14:00:27 0 d-------- C:\Documents and Settings\Wroblevski\SmitfraudFix <SMITFR~1>
2008-08-06 13:38:31 0 d-------- C:\WINDOWS\pss
2008-08-06 13:34:01 0 d-------- C:\WINDOWS\Prefetch
2008-08-06 12:24:01 96559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 12:24:01 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 12:23:30 213024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-06 12:23:30 1017888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 12:23:30 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-06 12:23:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 12:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 11:57:27 0 dr-h----- C:\Documents and Settings\Wroblevski\Recent
2008-08-06 10:33:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 10:19:41 0 d-------- C:\Program Files\RogueRemover FREE
2008-08-06 10:18:11 0 d-------- C:\Program Files\microsoft frontpage
2008-08-06 10:15:19 0 d-------- C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-08-06 10:13:58 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-06 10:13:58 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-08-06 10:10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-06 10:10:19 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Mozilla
2008-08-06 09:50:29 0 d-------- C:\Program Files\CCleaner
2008-08-06 01:21:54 94208 --a------ C:\WINDOWS\system32\pphccshj0e99l.exe
2008-08-06 01:21:54 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l
2008-08-06 01:21:28 60928 --a------ C:\WINDOWS\system32\blphccshj0e99l.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-06 01:18:58 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-06 01:18:58 139264 --a------ C:\WINDOWS\evoq.exe
2008-08-05 22:35:12 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\CyberLink
2008-08-05 22:34:42 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-05 22:34:33 0 d-------- C:\Program Files\Fichiers communs\CyberLink
2008-08-05 22:33:55 0 d-------- C:\Program Files\CyberLink
2008-08-05 22:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Temp
2008-08-05 22:05:06 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\dvdcss
2008-08-04 17:29:03 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Apple Computer
2008-08-04 17:28:46 0 d-------- C:\Program Files\iTunes
2008-08-04 17:28:10 0 d-------- C:\Program Files\QuickTime
2008-08-04 17:28:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-04 17:27:58 0 d-------- C:\Program Files\Apple Software Update
2008-08-04 17:27:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-04 17:27:38 0 d-------- C:\Program Files\Fichiers communs\Apple
2008-08-04 17:27:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-04 13:39:58 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-04 13:39:58 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-04 13:39:58 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-08-04 13:39:58 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-08-04 13:39:58 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-08-04 13:39:58 0 d-------- C:\Program Files\AVSMedia
2008-08-04 13:36:44 0 d-------- C:\Downloads
2008-08-04 13:31:29 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\AVS4YOU
2008-08-04 13:31:26 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-04 13:30:44 0 d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-08-04 13:30:24 0 d-------- C:\Program Files\AVS4YOU
2008-08-04 13:29:07 0 d-------- C:\Program Files\FlashGet
2008-08-04 13:21:30 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\vlc
2008-08-04 13:21:14 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Media Player Classic
2008-08-04 13:18:16 0 d-------- C:\Program Files\VideoLAN
2008-08-04 12:02:40 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-04 12:02:31 0 d-------- C:\Program Files\Windows Live
2008-08-04 12:02:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-03 23:31:28 32768 --a------ C:\WINDOWS\system32\CMUdaProp3.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-08-03 23:31:28 262144 --a------ C:\WINDOWS\system32\CMRMDRV3.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application>
2008-08-03 23:31:28 28672 --a------ C:\WINDOWS\system32\CMRMDRV3.dll
2008-08-03 23:31:28 917504 --a------ C:\WINDOWS\system\CMDS3D3.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\AUDIO3D3.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:30:36 274432 --a------ C:\WINDOWS\CmiPCIUninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2008-08-03 23:30:26 1405632 --a------ C:\WINDOWS\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-08-03 23:30:25 36864 --a------ C:\WINDOWS\system32\cmudax3.DLL <Not Verified; C-Media Electronics Ins.; C-Media PCI Audio>
2008-08-03 23:30:25 0 d-------- C:\Program Files\C-Media PCI Audio
2008-08-03 23:28:45 0 d-------- C:\Program Files\QuickZip4
2008-08-03 23:11:48 0 d-------- C:\Program Files\ma-config.com
2008-08-03 23:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-03 22:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-08-03 20:55:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-03 20:55:41 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-08-03 20:55:38 0 dr------- C:\Program Files
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Modèles
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Mes documents
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Favoris
2008-08-03 20:55:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Bureau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\All Users\Modèles
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Favoris
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Bureau
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-03 20:54:32 0 d-------- C:\Documents and Settings
2008-08-03 20:54:31 0 d--hs---- C:\System Volume Information
2008-08-03 20:48:33 0 d-------- C:\WINDOWS
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\WinSxS
2008-08-03 20:48:33 0 dr------- C:\WINDOWS\Web
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\twain_32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wins
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wbem
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\usmt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\spool
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\Setup
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ras
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\oobe
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\npp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\IME
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ias
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\export
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-03 20:48:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3076
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\2052
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1054
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1042
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1041
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1037
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1036
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1033
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1031
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1028
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1025
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\security
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Resources
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\repair
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Provisioning
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\PeerNet
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\pchealth
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msapps
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msagent
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Media
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\java
2008-08-03 20:48:33 0 d--h----- C:\WINDOWS\inf
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\ime
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Help
2008-08-03 20:48:33 0 dr--s---- C:\WINDOWS\Fonts
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Driver Cache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Debug
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Cursors
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\AppPatch
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\addins
2008-08-03 19:56:25 0 d-------- C:\Program Files\Alwil Software
2008-08-03 19:53:43 0 d-------- C:\Program Files\Funcom
2008-08-03 19:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-08-03 19:40:08 0 d-------- C:\WINDOWS\system32\fr-fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\bits
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\l2schemas
2008-08-03 19:39:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 19:37:37 0 d-------- C:\WINDOWS\network diagnostic
2008-08-03 19:36:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-03 19:34:57 0 d-------- C:\WINDOWS\EHome
2008-08-03 19:30:25 0 d-------- C:\WINDOWS\nview
2008-08-03 19:30:00 0 d-------- C:\NVIDIA
2008-08-03 19:25:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-03 19:25:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-03 19:23:41 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Adobe
2008-08-03 19:23:32 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Macromedia
2008-08-03 19:22:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-03 19:22:41 0 d---s---- C:\Documents and Settings\Wroblevski\UserData
2008-08-03 19:21:55 0 d-------- C:\Program Files\Broadcom
2008-08-03 19:21:45 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 19:21:45 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-08-03 19:21:35 0 d-------- C:\dell
2008-08-03 19:11:26 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Identities
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage réseau
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage d'impression
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\SendTo
2008-08-03 19:11:17 1572864 --ah----- C:\Documents and Settings\Wroblevski\NTUSER.DAT
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Modèles
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Mes documents
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Menu Démarrer
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Local Settings
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Favoris
2008-08-03 19:11:17 0 d---s---- C:\Documents and Settings\Wroblevski\Cookies
2008-08-03 19:11:17 0 d-------- C:\Documents and Settings\Wroblevski\Bureau
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\Application Data
2008-08-03 19:09:06 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-03 19:09:05 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-03 19:09:04 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-03 19:09:04 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-03 19:09:04 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-03 19:08:39 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-03 19:08:39 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-03 19:08:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-03 19:06:22 0 d-------- C:\WINDOWS\system32\xircom
2008-08-03 19:06:20 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-03 19:06:03 0 -rahs---- C:\MSDOS.SYS
2008-08-03 19:06:03 0 -rahs---- C:\IO.SYS
2008-08-03 19:06:03 0 --a------ C:\CONFIG.SYS
2008-08-03 19:06:03 0 --a------ C:\AUTOEXEC.BAT
2008-08-03 19:05:13 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-03 19:05:05 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-03 19:05:05 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-03 19:04:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-03 19:04:52 0 d-------- C:\Program Files\Services en ligne
2008-08-03 19:04:37 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-03 19:04:08 0 d---s---- C:\WINDOWS\Tasks
2008-08-03 19:04:08 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-08-03 19:04:02 0 d-------- C:\WINDOWS\srchasst
2008-08-03 19:04:01 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-03 19:03:51 0 d-------- C:\Program Files\Movie Maker
2008-08-03 19:03:40 0 d-------- C:\WINDOWS\system32\Restore
2008-08-03 19:03:05 23032 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-03 19:02:50 0 d-------- C:\WINDOWS\Registration
2008-08-03 19:02:18 0 d-------- C:\Program Files\Messenger
2008-08-03 19:02:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-03 19:01:42 0 d-------- C:\Program Files\Windows NT
2008-08-03 19:01:39 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-03 19:01:38 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-08-06 13:36:19 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-08-06 13:36:19 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-08-04 13:21:17 1097 --a------ C:\Documents and Settings\Wroblevski\Application Data\QuickZip45.ini
2008-08-03 20:55:14 62 --ahs---- C:\Documents and Settings\Wroblevski\Application Data\desktop.ini
2008-08-03 19:37:26 252240 -rahs---- C:\ntldr
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
06.08.2008 12:29 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.05.2008 14:01]
"nwiz"="nwiz.exe" [16.05.2008 14:01 C:\WINDOWS\system32\nwiz.exe]
"CmPCIaudio"="CMICNFG3.cpl" []
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25.09.2007 10:10]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22.07.2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.07.2008 10:47]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [20.03.2008 20:23]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [14.12.2007 11:36]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [27.06.2008 16:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16.05.2008 14:01]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25.04.2008 18:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 04:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07.07.2008 09:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
*Newly Created Service* - BITS
-- End of Deckard's System Scanner: finished at 2008-08-06 15:06:05 ------------
and here is the extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1534.08 MiB / 1107.85 MiB
Pagefile Memory (total/avail): 3430.63 MiB / 3172.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.93 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 149 GiB total, 119.17 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600JD-75HBB0 - 149.01 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 149 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)
AV: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wroblevski\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ADONIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wroblevski
LOGONSERVER=\\ADONIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp
USERDOMAIN=ADONIS
USERNAME=Wroblevski
USERPROFILE=C:\Documents and Settings\Wroblevski
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Wroblevski (admin)
Administrateur (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Age of Conan : Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
AVS Video Converter 6 --> "C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Broadcom 440x 10/100 Integrated Controller --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1036
C-Media PCI Audio --> C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\C-Media PCI Audio#C-Media PCI Audio#C-Media PCI Audio#
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CyberLink PowerDVD 8 --> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
CyberLink PowerDVD 8 --> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Wroblevski\Bureau\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Ma-Config.com --> MsiExec.exe /X{CFF24C43-9C46-4044-9C54-A4D98A3A25FB}
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Quick Zip 4.60.019 --> "C:\Program Files\QuickZip4\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type150 / Warning
Event Submitted/Written: 08/06/2008 01:28:49 PM
Event ID/Source: 4353 / EventSystem
Event Description:
Le système d'événements de COM+ a tenté de déclencher l'événement EventObjectChange::ChangedSubscription mais a reçu un code d'erreur. HRESULT : 80040201.
Event Record #/Type149 / Warning
Event Submitted/Written: 08/06/2008 01:28:49 PM
Event ID/Source: 4356 / EventSystem
Event Description:
Le système d'événements de COM+ n'a pas pu créer d'instance de l'abonné partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject a renvoyé HRESULT 80070422.
Event Record #/Type148 / Warning
Event Submitted/Written: 08/06/2008 01:28:48 PM
Event ID/Source: 4353 / EventSystem
Event Description:
Le système d'événements de COM+ a tenté de déclencher l'événement EventObjectChange::ChangedSubscription mais a reçu un code d'erreur. HRESULT : 80040201.
Event Record #/Type147 / Warning
Event Submitted/Written: 08/06/2008 01:28:48 PM
Event ID/Source: 4356 / EventSystem
Event Description:
Le système d'événements de COM+ n'a pas pu créer d'instance de l'abonné partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject a renvoyé HRESULT 80070422.
Event Record #/Type142 / Warning
Event Submitted/Written: 08/06/2008 01:26:34 PM
Event ID/Source: 63 / WinMgmt
Event Description:
Un fournisseur, HiPerfCooker_v1, a été enregistré dans l'espace de noms WMI, Root\WMI, afin d'utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s'il ne représente pas correctement les demandes utilisateur.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1116 / Error
Event Submitted/Written: 08/06/2008 03:00:41 PM
Event ID/Source: 16391 / BITS
Event Description:
Le format de la liste de travaux BITS n'est pas reconnu. La liste a peut-être été créée par une autre version de BITS. La liste de travaux a été effacée.
Event Record #/Type1094 / Error
Event Submitted/Written: 08/06/2008 02:56:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1091 / Error
Event Submitted/Written: 08/06/2008 02:55:07 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
Fips
intelppm
kl1
klbg
KLIF
Event Record #/Type1090 / Error
Event Submitted/Written: 08/06/2008 02:53:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1066 / Error
Event Submitted/Written: 08/06/2008 02:50:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}
-- End of Deckard's System Scanner: finished at 2008-08-06 15:06:05 ------------
Deckard's System Scanner v20071014.68
Run by Wroblevski on 2008-08-06 15:03:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-08-06 13:03:39 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-08-06 11:36:36 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Wroblevski.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:41, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wroblevski\Bureau\dss.exe
C:\DOCUME~1\WROBLE~1\Bureau\Wroblevski.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 5657 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 cmuda3 (C-Media PCI Audio Interface) - c:\windows\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 iPod Service (Service de l'iPod) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur audio multimédia
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01991028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Contrôleur audio multimédia
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01991028&REV_03\3&172E68DD&0&F2
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-08-04 22:00:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-07-06 and 2008-08-06 -----------------------------
2008-08-06 15:00:57 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-06 14:58:22 0 d-------- C:\WINDOWS\LastGood
2008-08-06 14:13:57 2166 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-06 14:13:24 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-06 14:13:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-06 14:13:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-06 14:13:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-06 14:13:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-06 14:13:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-06 14:13:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-06 14:13:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-06 14:00:27 0 d-------- C:\Documents and Settings\Wroblevski\SmitfraudFix <SMITFR~1>
2008-08-06 13:38:31 0 d-------- C:\WINDOWS\pss
2008-08-06 13:34:01 0 d-------- C:\WINDOWS\Prefetch
2008-08-06 12:24:01 96559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 12:24:01 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 12:23:30 213024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-06 12:23:30 1017888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 12:23:30 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-06 12:23:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 12:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 11:57:27 0 dr-h----- C:\Documents and Settings\Wroblevski\Recent
2008-08-06 10:33:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 10:19:41 0 d-------- C:\Program Files\RogueRemover FREE
2008-08-06 10:18:11 0 d-------- C:\Program Files\microsoft frontpage
2008-08-06 10:15:19 0 d-------- C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-08-06 10:13:58 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-06 10:13:58 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-08-06 10:10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-06 10:10:19 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Mozilla
2008-08-06 09:50:29 0 d-------- C:\Program Files\CCleaner
2008-08-06 01:21:54 94208 --a------ C:\WINDOWS\system32\pphccshj0e99l.exe
2008-08-06 01:21:54 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l
2008-08-06 01:21:28 60928 --a------ C:\WINDOWS\system32\blphccshj0e99l.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-06 01:18:58 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-06 01:18:58 139264 --a------ C:\WINDOWS\evoq.exe
2008-08-05 22:35:12 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\CyberLink
2008-08-05 22:34:42 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-05 22:34:33 0 d-------- C:\Program Files\Fichiers communs\CyberLink
2008-08-05 22:33:55 0 d-------- C:\Program Files\CyberLink
2008-08-05 22:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Temp
2008-08-05 22:05:06 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\dvdcss
2008-08-04 17:29:03 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Apple Computer
2008-08-04 17:28:46 0 d-------- C:\Program Files\iTunes
2008-08-04 17:28:10 0 d-------- C:\Program Files\QuickTime
2008-08-04 17:28:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-04 17:27:58 0 d-------- C:\Program Files\Apple Software Update
2008-08-04 17:27:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-04 17:27:38 0 d-------- C:\Program Files\Fichiers communs\Apple
2008-08-04 17:27:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-04 13:39:58 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-04 13:39:58 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-04 13:39:58 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-08-04 13:39:58 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-08-04 13:39:58 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-08-04 13:39:58 0 d-------- C:\Program Files\AVSMedia
2008-08-04 13:36:44 0 d-------- C:\Downloads
2008-08-04 13:31:29 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\AVS4YOU
2008-08-04 13:31:26 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-04 13:30:44 0 d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-08-04 13:30:24 0 d-------- C:\Program Files\AVS4YOU
2008-08-04 13:29:07 0 d-------- C:\Program Files\FlashGet
2008-08-04 13:21:30 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\vlc
2008-08-04 13:21:14 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Media Player Classic
2008-08-04 13:18:16 0 d-------- C:\Program Files\VideoLAN
2008-08-04 12:02:40 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-04 12:02:31 0 d-------- C:\Program Files\Windows Live
2008-08-04 12:02:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-03 23:31:28 32768 --a------ C:\WINDOWS\system32\CMUdaProp3.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-08-03 23:31:28 262144 --a------ C:\WINDOWS\system32\CMRMDRV3.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application>
2008-08-03 23:31:28 28672 --a------ C:\WINDOWS\system32\CMRMDRV3.dll
2008-08-03 23:31:28 917504 --a------ C:\WINDOWS\system\CMDS3D3.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\AUDIO3D3.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:30:36 274432 --a------ C:\WINDOWS\CmiPCIUninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2008-08-03 23:30:26 1405632 --a------ C:\WINDOWS\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-08-03 23:30:25 36864 --a------ C:\WINDOWS\system32\cmudax3.DLL <Not Verified; C-Media Electronics Ins.; C-Media PCI Audio>
2008-08-03 23:30:25 0 d-------- C:\Program Files\C-Media PCI Audio
2008-08-03 23:28:45 0 d-------- C:\Program Files\QuickZip4
2008-08-03 23:11:48 0 d-------- C:\Program Files\ma-config.com
2008-08-03 23:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-03 22:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-08-03 20:55:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-03 20:55:41 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-08-03 20:55:38 0 dr------- C:\Program Files
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Modèles
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Mes documents
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Favoris
2008-08-03 20:55:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Bureau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\All Users\Modèles
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Favoris
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Bureau
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-03 20:54:32 0 d-------- C:\Documents and Settings
2008-08-03 20:54:31 0 d--hs---- C:\System Volume Information
2008-08-03 20:48:33 0 d-------- C:\WINDOWS
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\WinSxS
2008-08-03 20:48:33 0 dr------- C:\WINDOWS\Web
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\twain_32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wins
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wbem
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\usmt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\spool
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\Setup
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ras
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\oobe
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\npp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\IME
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ias
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\export
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-03 20:48:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3076
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\2052
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1054
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1042
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1041
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1037
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1036
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1033
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1031
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1028
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1025
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\security
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Resources
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\repair
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Provisioning
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\PeerNet
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\pchealth
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msapps
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msagent
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Media
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\java
2008-08-03 20:48:33 0 d--h----- C:\WINDOWS\inf
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\ime
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Help
2008-08-03 20:48:33 0 dr--s---- C:\WINDOWS\Fonts
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Driver Cache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Debug
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Cursors
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\AppPatch
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\addins
2008-08-03 19:56:25 0 d-------- C:\Program Files\Alwil Software
2008-08-03 19:53:43 0 d-------- C:\Program Files\Funcom
2008-08-03 19:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-08-03 19:40:08 0 d-------- C:\WINDOWS\system32\fr-fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\bits
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\l2schemas
2008-08-03 19:39:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 19:37:37 0 d-------- C:\WINDOWS\network diagnostic
2008-08-03 19:36:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-03 19:34:57 0 d-------- C:\WINDOWS\EHome
2008-08-03 19:30:25 0 d-------- C:\WINDOWS\nview
2008-08-03 19:30:00 0 d-------- C:\NVIDIA
2008-08-03 19:25:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-03 19:25:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-03 19:23:41 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Adobe
2008-08-03 19:23:32 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Macromedia
2008-08-03 19:22:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-03 19:22:41 0 d---s---- C:\Documents and Settings\Wroblevski\UserData
2008-08-03 19:21:55 0 d-------- C:\Program Files\Broadcom
2008-08-03 19:21:45 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 19:21:45 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-08-03 19:21:35 0 d-------- C:\dell
2008-08-03 19:11:26 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Identities
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage réseau
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage d'impression
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\SendTo
2008-08-03 19:11:17 1572864 --ah----- C:\Documents and Settings\Wroblevski\NTUSER.DAT
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Modèles
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Mes documents
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Menu Démarrer
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Local Settings
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Favoris
2008-08-03 19:11:17 0 d---s---- C:\Documents and Settings\Wroblevski\Cookies
2008-08-03 19:11:17 0 d-------- C:\Documents and Settings\Wroblevski\Bureau
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\Application Data
2008-08-03 19:09:06 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-03 19:09:05 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-03 19:09:04 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-03 19:09:04 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-03 19:09:04 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-03 19:08:39 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-03 19:08:39 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-03 19:08:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-03 19:06:22 0 d-------- C:\WINDOWS\system32\xircom
2008-08-03 19:06:20 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-03 19:06:03 0 -rahs---- C:\MSDOS.SYS
2008-08-03 19:06:03 0 -rahs---- C:\IO.SYS
2008-08-03 19:06:03 0 --a------ C:\CONFIG.SYS
2008-08-03 19:06:03 0 --a------ C:\AUTOEXEC.BAT
2008-08-03 19:05:13 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-03 19:05:05 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-03 19:05:05 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-03 19:04:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-03 19:04:52 0 d-------- C:\Program Files\Services en ligne
2008-08-03 19:04:37 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-03 19:04:08 0 d---s---- C:\WINDOWS\Tasks
2008-08-03 19:04:08 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-08-03 19:04:02 0 d-------- C:\WINDOWS\srchasst
2008-08-03 19:04:01 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-03 19:03:51 0 d-------- C:\Program Files\Movie Maker
2008-08-03 19:03:40 0 d-------- C:\WINDOWS\system32\Restore
2008-08-03 19:03:05 23032 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-03 19:02:50 0 d-------- C:\WINDOWS\Registration
2008-08-03 19:02:18 0 d-------- C:\Program Files\Messenger
2008-08-03 19:02:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-03 19:01:42 0 d-------- C:\Program Files\Windows NT
2008-08-03 19:01:39 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-03 19:01:38 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-08-06 13:36:19 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-08-06 13:36:19 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-08-04 13:21:17 1097 --a------ C:\Documents and Settings\Wroblevski\Application Data\QuickZip45.ini
2008-08-03 20:55:14 62 --ahs---- C:\Documents and Settings\Wroblevski\Application Data\desktop.ini
2008-08-03 19:37:26 252240 -rahs---- C:\ntldr
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
06.08.2008 12:29 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.05.2008 14:01]
"nwiz"="nwiz.exe" [16.05.2008 14:01 C:\WINDOWS\system32\nwiz.exe]
"CmPCIaudio"="CMICNFG3.cpl" []
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25.09.2007 10:10]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22.07.2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.07.2008 10:47]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [20.03.2008 20:23]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [14.12.2007 11:36]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [27.06.2008 16:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16.05.2008 14:01]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25.04.2008 18:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 04:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07.07.2008 09:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
*Newly Created Service* - BITS
-- End of Deckard's System Scanner: finished at 2008-08-06 15:06:05 ------------
and here is the extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1534.08 MiB / 1107.85 MiB
Pagefile Memory (total/avail): 3430.63 MiB / 3172.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.93 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 149 GiB total, 119.17 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600JD-75HBB0 - 149.01 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)
AV: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Wroblevski\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ADONIS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Wroblevski
LOGONSERVER=\\ADONIS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp
USERDOMAIN=ADONIS
USERNAME=Wroblevski
USERPROFILE=C:\Documents and Settings\Wroblevski
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Wroblevski (admin)
Administrateur (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Age of Conan : Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVS Video Converter 4.3.1.371 --> "C:\Program Files\AVSMedia\VideoConverter4\unins000.exe"
AVS Video Converter 6 --> "C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Broadcom 440x 10/100 Integrated Controller --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1036
C-Media PCI Audio --> C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\C-Media PCI Audio#C-Media PCI Audio#C-Media PCI Audio#
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CyberLink PowerDVD 8 --> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
CyberLink PowerDVD 8 --> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Wroblevski\Bureau\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Ma-Config.com --> MsiExec.exe /X{CFF24C43-9C46-4044-9C54-A4D98A3A25FB}
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Quick Zip 4.60.019 --> "C:\Program Files\QuickZip4\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type150 / Warning
Event Submitted/Written: 08/06/2008 01:28:49 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Event Record #/Type149 / Warning
Event Submitted/Written: 08/06/2008 01:28:49 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Event Record #/Type148 / Warning
Event Submitted/Written: 08/06/2008 01:28:48 PM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.
Event Record #/Type147 / Warning
Event Submitted/Written: 08/06/2008 01:28:48 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 80070422.
Event Record #/Type142 / Warning
Event Submitted/Written: 08/06/2008 01:26:34 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1116 / Error
Event Submitted/Written: 08/06/2008 03:00:41 PM
Event ID/Source: 16391 / BITS
Event Description:
The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
Event Record #/Type1094 / Error
Event Submitted/Written: 08/06/2008 02:56:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1091 / Error
Event Submitted/Written: 08/06/2008 02:55:07 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
kl1
klbg
KLIF
Event Record #/Type1090 / Error
Event Submitted/Written: 08/06/2008 02:53:50 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type1066 / Error
Event Submitted/Written: 08/06/2008 02:50:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
-- End of Deckard's System Scanner: finished at 2008-08-06 15:06:05 ------------
Re,
I am a volunteer and I have a private life, not to mention that I have many threads in progress, and I do my best to help everyone. Be patient, I have taken you on and I will not let go of you until your PC is clean.
***
1) Run HijackThis again (right-click -> run as administrator under Vista), click "do a system scan only", and tick these lines (if present):
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} -
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Close all running applications (especially your web browser).
Then Fix Checked! N.B.: It is very important to close all running applications and to disconnect from the Internet before fixing with HijackThis, otherwise they may interfere with the result of the operation.
2) Download OTMoveIt2 by OldTimer.
Save this file to the Desktop.
Double-click OTMoveIt2.exe to run the tool. (Note: if you use Vista, right-click the file and choose Run as administrator.)
Copy the lines from the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys together (or, after selecting them, right-clicking and choosing Copy):
[kill explorer]
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l
C:\WINDOWS\system32\pphccshj0e99l.exe
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l
C:\WINDOWS\lnvegaow.exe
C:\WINDOWS\evoq.exe
purity
emptytemp
[start explorer]
N.B.: The desktop will disappear, this is normal!
Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light yellow bar) and choose Paste.
Click the red MoveIt! button.
Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys together (or, after selecting them, right-clicking and choosing Copy), and paste these results in a reply on the forum.
Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to reboot the machine, choose Yes. In that case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.
If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.
3) Post a new DSS scan report, main.txt
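The two entries the helper asks to fix, and the two registry policies in the DSS "Registry Dump" above, are the whole registry side of this hijack: the Active Desktop component under HKCU\...\Internet Explorer\Desktop\Components\0 is what paints the "Privacy Protection" page as wallpaper, and NoDispBackgroundPage / NoDispScrSavPage are what remove the Desktop and Screen Saver tabs from Display Properties (hence only the General tab left). The script below is an added example, not the helper's procedure and not part of OTMoveIt2 or DSS: it parses the DSS registry dump and the HijackThis O21/O24 lines, flags those indicators, and generates the .reg file that undoes them. The sample input is constructed from the lines quoted in this thread; the .reg key paths and the "=-" (delete value) and "[-key]" (delete key) syntax are standard Registry Editor syntax, and the SSODL DLL itself is not named on the page, so the script only removes the load entry and its CLSID key.

```python
"""Triage of the "Privacy Protection" Active Desktop hijack from DSS / HijackThis output.
Added example, not the helper's tool: flags the indicators seen in this thread and builds
the .reg file that undoes the registry side of the hijack (file removal is separate)."""
import re

# Constructed sample input: the relevant lines copied from the thread's DSS report and
# from the HijackThis entries the helper asked to fix.  Not read from a live registry.
SAMPLE_DSS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
"""
SAMPLE_HJT = r"""
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} -
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Policies that hide the Desktop and Screen Saver tabs of Display Properties, which is
# why the poster only sees the General tab.  lowercased value name -> canonical name
POLICY_VALUES = {"nodispbackgroundpage": "NoDispBackgroundPage",
                 "nodispscrsavpage": "NoDispScrSavPage"}
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
COMPONENTS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
HJT_O21 = re.compile(r"^O21 - SSODL: (\S+) - (\{[0-9A-Fa-f-]{36}\})(?:\s*-\s*(.*))?$")
HJT_O24 = re.compile(r"^O24 - Desktop Component (\d+): (.*?) - (\S+)$")


def parse_registry_dump(text):
    """Map each [key] of a DSS 'Registry Dump' to {value_name_lower: data}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            keys[current][name.strip().strip('"').lower()] = data.strip()
    return keys


def triage(dss_text, hjt_text):
    """Return findings as dicts: indicator, evidence, and the .reg lines that undo it."""
    findings = []
    for key, values in parse_registry_dump(dss_text).items():
        k = key.lower()
        if k.endswith(r"\currentversion\policies\system"):
            # "1 (0x1)" is how DSS prints a DWORD of 1; anything else is left alone
            hits = [POLICY_VALUES[n] for n in POLICY_VALUES
                    if values.get(n, "").split()[:1] == ["1"]]
            if hits:
                findings.append({"indicator": "Display Properties tabs hidden by policy",
                                 "evidence": f"{key}: {', '.join(hits)}=1",
                                 "reg": [f"[{key}]"] + [f'"{n}"=-' for n in hits]})
        if "\\internet explorer\\desktop\\components\\" in k:
            src = values.get("source", "")
            if src.lower().startswith("file:///"):
                findings.append({"indicator": "Active Desktop component served from a local file",
                                 "evidence": f"{values.get('friendlyname', '?')} -> {src}",
                                 "reg": [f"[-{key}]"]})  # leading '-' deletes the key
    for line in hjt_text.splitlines():
        line = line.strip()
        m = HJT_O21.match(line)
        if m:  # an SSODL entry is a DLL that explorer.exe loads at every logon
            findings.append({"indicator": "SSODL entry (DLL loaded by explorer.exe at logon)",
                             "evidence": line,
                             "reg": [f"[{SSODL_KEY}]", f'"{m.group(1)}"=-',
                                     f"[-HKEY_CLASSES_ROOT\\CLSID\\{m.group(2)}]"]})
        m = HJT_O24.match(line)
        if m and m.group(3).lower().startswith("file:///"):
            findings.append({"indicator": "O24 desktop component pointing at a local file",
                             "evidence": line,
                             "reg": [f"[-{COMPONENTS_KEY}\\{m.group(1)}]"]})
    return findings


def remediation_reg(findings):
    """Assemble a .reg file from the findings; import it only after the files are removed."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        out.extend(f["reg"] + [""])
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_DSS, SAMPLE_HJT)
    for f in found:
        print(f"[{f['indicator']}] {f['evidence']}")
    print(remediation_reg(found))
```

On the sample input it reports four findings and emits a .reg that deletes the two NoDisp* policy values, the Components\0 key (twice, once from each log; repeated key headers are harmless to regedit), the xokvrpwg SSODL value and its CLSID key. The O21 line is parsed with its empty file field exactly as it appears in the thread; the DLL behind that CLSID still has to be located on the disk, and the Desktop Components key is only worth deleting after the files under C:\WINDOWS\privacy_danger are gone, otherwise a still-running component can re-register itself.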
Hello hello
I do think you have a private life, I was actually talking about the report. No worries, take your time!
Cannot run HijackThis as administrator: "run-time error 481 invalid picture"
New symptom: if I leave the computer running for a while, it shuts down with a blue screen and then reboots in a loop to that blue screen until I reset it. Probably a hardware problem unrelated to the infection? Should I run a drive fitness test with UBCD?
Otherwise, here is the OTMoveIt2 report:
Explorer killed successfully
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Packages moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l moved successfully.
C:\WINDOWS\system32\pphccshj0e99l.exe moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Packages moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l moved successfully.
C:\WINDOWS\lnvegaow.exe moved successfully.
C:\WINDOWS\evoq.exe moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp\etilqs_2QvJQ73GhN38PzWqz8b1 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_140319
Files moved on Reboot...
File C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp\etilqs_2QvJQ73GhN38PzWqz8b1 not found!
and here is main.txt
Deckard's System Scanner v20071014.68
Run by Wroblevski on 2008-08-07 14:19:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Wroblevski.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:27, on 07.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wroblevski\Bureau\dss.exe
C:\DOCUME~1\WROBLE~1\Bureau\WROBLE~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6042 bytes
-- Files created between 2008-07-07 and 2008-08-07 -----------------------------
2008-08-06 15:16:36 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 15:00:57 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-06 14:13:57 2166 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-06 14:13:24 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-06 14:13:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-06 14:13:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-06 14:13:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-06 14:13:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-06 14:13:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-06 14:13:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-06 14:13:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-06 14:00:27 0 d-------- C:\Documents and Settings\Wroblevski\SmitfraudFix <SMITFR~1>
2008-08-06 13:38:31 0 d-------- C:\WINDOWS\pss
2008-08-06 13:34:01 0 d-------- C:\WINDOWS\Prefetch
2008-08-06 12:24:01 96976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 12:24:01 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 12:23:30 237600 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-06 12:23:30 1017888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 12:23:30 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-06 12:23:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 12:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 11:57:27 0 dr-h----- C:\Documents and Settings\Wroblevski\Recent
2008-08-06 10:33:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 10:19:41 0 d-------- C:\Program Files\RogueRemover FREE
2008-08-06 10:18:11 0 d-------- C:\Program Files\microsoft frontpage
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-08-06 10:13:58 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-06 10:13:58 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-08-06 10:10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-06 10:10:19 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Mozilla
2008-08-06 09:50:29 0 d-------- C:\Program Files\CCleaner
2008-08-06 01:21:28 60928 --a------ C:\WINDOWS\system32\blphccshj0e99l.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-05 22:35:12 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\CyberLink
2008-08-05 22:34:42 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-05 22:34:33 0 d-------- C:\Program Files\Fichiers communs\CyberLink
2008-08-05 22:33:55 0 d-------- C:\Program Files\CyberLink
2008-08-05 22:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Temp
2008-08-05 22:05:06 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\dvdcss
2008-08-04 17:29:03 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Apple Computer
2008-08-04 17:28:46 0 d-------- C:\Program Files\iTunes
2008-08-04 17:28:10 0 d-------- C:\Program Files\QuickTime
2008-08-04 17:28:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-04 17:27:58 0 d-------- C:\Program Files\Apple Software Update
2008-08-04 17:27:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-04 17:27:38 0 d-------- C:\Program Files\Fichiers communs\Apple
2008-08-04 17:27:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-04 13:39:58 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-04 13:39:58 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-04 13:39:58 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-08-04 13:39:58 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-08-04 13:39:58 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-08-04 13:39:58 0 d-------- C:\Program Files\AVSMedia
2008-08-04 13:36:44 0 d-------- C:\Downloads
2008-08-04 13:31:29 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\AVS4YOU
2008-08-04 13:31:26 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-04 13:30:44 0 d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-08-04 13:30:24 0 d-------- C:\Program Files\AVS4YOU
2008-08-04 13:29:07 0 d-------- C:\Program Files\FlashGet
2008-08-04 13:21:30 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\vlc
2008-08-04 13:21:14 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Media Player Classic
2008-08-04 13:18:16 0 d-------- C:\Program Files\VideoLAN
2008-08-04 12:02:40 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-04 12:02:31 0 d-------- C:\Program Files\Windows Live
2008-08-04 12:02:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-03 23:31:28 32768 --a------ C:\WINDOWS\system32\CMUdaProp3.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-08-03 23:31:28 262144 --a------ C:\WINDOWS\system32\CMRMDRV3.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application>
2008-08-03 23:31:28 28672 --a------ C:\WINDOWS\system32\CMRMDRV3.dll
2008-08-03 23:31:28 917504 --a------ C:\WINDOWS\system\CMDS3D3.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\AUDIO3D3.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:30:36 274432 --a------ C:\WINDOWS\CmiPCIUninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2008-08-03 23:30:26 1405632 --a------ C:\WINDOWS\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-08-03 23:30:25 36864 --a------ C:\WINDOWS\system32\cmudax3.DLL <Not Verified; C-Media Electronics Ins.; C-Media PCI Audio>
2008-08-03 23:30:25 0 d-------- C:\Program Files\C-Media PCI Audio
2008-08-03 23:28:45 0 d-------- C:\Program Files\QuickZip4
2008-08-03 23:11:48 0 d-------- C:\Program Files\ma-config.com
2008-08-03 23:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-03 22:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-08-03 20:55:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-03 20:55:41 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-08-03 20:55:38 0 dr------- C:\Program Files
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Modèles
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Mes documents
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Favoris
2008-08-03 20:55:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Bureau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\All Users\Modèles
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Favoris
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Bureau
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-03 20:54:32 0 d-------- C:\Documents and Settings
2008-08-03 20:54:31 0 d--hs---- C:\System Volume Information
2008-08-03 20:48:33 0 d-------- C:\WINDOWS
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\WinSxS
2008-08-03 20:48:33 0 dr------- C:\WINDOWS\Web
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\twain_32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wins
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wbem
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\usmt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\spool
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\Setup
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ras
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\oobe
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\npp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\IME
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ias
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\export
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-03 20:48:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3076
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\2052
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1054
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1042
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1041
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1037
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1036
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1033
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1031
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1028
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1025
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\security
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Resources
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\repair
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Provisioning
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\PeerNet
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\pchealth
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msapps
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msagent
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Media
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\java
2008-08-03 20:48:33 0 d--h----- C:\WINDOWS\inf
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\ime
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Help
2008-08-03 20:48:33 0 dr--s---- C:\WINDOWS\Fonts
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Driver Cache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Debug
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Cursors
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\AppPatch
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\addins
2008-08-03 19:56:25 0 d-------- C:\Program Files\Alwil Software
2008-08-03 19:53:43 0 d-------- C:\Program Files\Funcom
2008-08-03 19:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-08-03 19:40:08 0 d-------- C:\WINDOWS\system32\fr-fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\bits
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\l2schemas
2008-08-03 19:39:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 19:37:37 0 d-------- C:\WINDOWS\network diagnostic
2008-08-03 19:36:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-03 19:34:57 0 d-------- C:\WINDOWS\EHome
2008-08-03 19:30:25 0 d-------- C:\WINDOWS\nview
2008-08-03 19:30:00 0 d-------- C:\NVIDIA
2008-08-03 19:25:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-03 19:25:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-03 19:23:41 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Adobe
2008-08-03 19:23:32 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Macromedia
2008-08-03 19:22:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-03 19:22:41 0 d---s---- C:\Documents and Settings\Wroblevski\UserData
2008-08-03 19:21:55 0 d-------- C:\Program Files\Broadcom
2008-08-03 19:21:45 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 19:21:45 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-08-03 19:21:35 0 d-------- C:\dell
2008-08-03 19:11:26 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Identities
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage réseau
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage d'impression
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\SendTo
2008-08-03 19:11:17 1572864 --ah----- C:\Documents and Settings\Wroblevski\NTUSER.DAT
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Modèles
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Mes documents
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Menu Démarrer
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Local Settings
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Favoris
2008-08-03 19:11:17 0 d---s---- C:\Documents and Settings\Wroblevski\Cookies
2008-08-03 19:11:17 0 d-------- C:\Documents and Settings\Wroblevski\Bureau
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\Application Data
2008-08-03 19:09:06 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-03 19:09:05 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-03 19:09:04 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-03 19:09:04 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-03 19:09:04 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-03 19:08:39 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-03 19:08:39 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-03 19:08:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-03 19:06:22 0 d-------- C:\WINDOWS\system32\xircom
2008-08-03 19:06:20 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-03 19:06:03 0 -rahs---- C:\MSDOS.SYS
2008-08-03 19:06:03 0 -rahs---- C:\IO.SYS
2008-08-03 19:06:03 0 --a------ C:\CONFIG.SYS
2008-08-03 19:06:03 0 --a------ C:\AUTOEXEC.BAT
2008-08-03 19:05:13 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-03 19:05:05 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-03 19:05:05 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-03 19:04:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-03 19:04:52 0 d-------- C:\Program Files\Services en ligne
2008-08-03 19:04:37 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-03 19:04:08 0 d---s---- C:\WINDOWS\Tasks
2008-08-03 19:04:08 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-08-03 19:04:02 0 d-------- C:\WINDOWS\srchasst
2008-08-03 19:04:01 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-03 19:03:51 0 d-------- C:\Program Files\Movie Maker
2008-08-03 19:03:40 0 d-------- C:\WINDOWS\system32\Restore
2008-08-03 19:03:05 23032 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-03 19:02:50 0 d-------- C:\WINDOWS\Registration
2008-08-03 19:02:18 0 d-------- C:\Program Files\Messenger
2008-08-03 19:02:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-03 19:01:42 0 d-------- C:\Program Files\Windows NT
2008-08-03 19:01:39 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-03 19:01:38 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-08-06 13:36:19 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-08-06 13:36:19 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-08-04 13:21:17 1097 --a------ C:\Documents and Settings\Wroblevski\Application Data\QuickZip45.ini
2008-08-03 20:55:14 62 --ahs---- C:\Documents and Settings\Wroblevski\Application Data\desktop.ini
2008-08-03 19:37:26 252240 -rahs---- C:\ntldr
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
06.08.2008 12:29 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.05.2008 14:01]
"nwiz"="nwiz.exe" [16.05.2008 14:01 C:\WINDOWS\system32\nwiz.exe]
"CmPCIaudio"="CMICNFG3.cpl" []
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25.09.2007 10:10]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22.07.2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.07.2008 10:47]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [20.03.2008 20:23]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [14.12.2007 11:36]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [27.06.2008 16:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16.05.2008 14:01]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25.04.2008 18:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 04:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07.07.2008 09:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
-- End of Deckard's System Scanner: finished at 2008-08-07 14:21:42 ------------
thanks
I'm sure you do have a private life; I was actually talking about the report. No worries, take your time!
Cannot run HijackThis as administrator: "run-time error 481 invalid picture"
New symptom: if I leave the computer running for a while, it shuts down with a blue screen, then reboots in a loop to that blue screen until I reset it. Probably a hardware problem unrelated to the infection? Should I run a Drive Fitness Test with UBCD?
Otherwise, here is the OTMoveIt2 report:
Explorer killed successfully
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Packages moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l\Quarantine moved successfully.
C:\Documents and Settings\Administrateur\Application Data\rhc9shj0e99l moved successfully.
C:\WINDOWS\system32\pphccshj0e99l.exe moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Packages moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l\Quarantine moved successfully.
C:\Documents and Settings\Wroblevski\Application Data\rhc9shj0e99l moved successfully.
C:\WINDOWS\lnvegaow.exe moved successfully.
C:\WINDOWS\evoq.exe moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp\etilqs_2QvJQ73GhN38PzWqz8b1 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_140319
Files moved on Reboot...
File C:\DOCUME~1\WROBLE~1\LOCALS~1\Temp\etilqs_2QvJQ73GhN38PzWqz8b1 not found!
and here is main.txt:
Deckard's System Scanner v20071014.68
Run by Wroblevski on 2008-08-07 14:19:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Wroblevski.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:27, on 07.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wroblevski\Bureau\dss.exe
C:\DOCUME~1\WROBLE~1\Bureau\WROBLE~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 6042 bytes
-- Files created between 2008-07-07 and 2008-08-07 -----------------------------
2008-08-06 15:16:36 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-06 15:00:57 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-06 14:13:57 2166 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-06 14:13:24 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-08-06 14:13:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-06 14:13:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-08-06 14:13:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-08-06 14:13:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-08-06 14:13:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-08-06 14:13:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-08-06 14:13:23 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-06 14:00:27 0 d-------- C:\Documents and Settings\Wroblevski\SmitfraudFix <SMITFR~1>
2008-08-06 13:38:31 0 d-------- C:\WINDOWS\pss
2008-08-06 13:34:01 0 d-------- C:\WINDOWS\Prefetch
2008-08-06 12:24:01 96976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 12:24:01 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 12:23:30 237600 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-06 12:23:30 1017888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-06 12:23:30 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-06 12:23:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-06 12:22:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 11:57:27 0 dr-h----- C:\Documents and Settings\Wroblevski\Recent
2008-08-06 10:33:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-06 10:19:41 0 d-------- C:\Program Files\RogueRemover FREE
2008-08-06 10:18:11 0 d-------- C:\Program Files\microsoft frontpage
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2008-08-06 10:13:58 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-06 10:13:58 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-06 10:13:58 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-08-06 10:13:58 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-06 10:13:58 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-08-06 10:13:58 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-08-06 10:10:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-06 10:10:19 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Mozilla
2008-08-06 09:50:29 0 d-------- C:\Program Files\CCleaner
2008-08-06 01:21:28 60928 --a------ C:\WINDOWS\system32\blphccshj0e99l.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-05 22:35:12 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\CyberLink
2008-08-05 22:34:42 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-05 22:34:33 0 d-------- C:\Program Files\Fichiers communs\CyberLink
2008-08-05 22:33:55 0 d-------- C:\Program Files\CyberLink
2008-08-05 22:33:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Temp
2008-08-05 22:05:06 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\dvdcss
2008-08-04 17:29:03 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Apple Computer
2008-08-04 17:28:46 0 d-------- C:\Program Files\iTunes
2008-08-04 17:28:10 0 d-------- C:\Program Files\QuickTime
2008-08-04 17:28:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-04 17:27:58 0 d-------- C:\Program Files\Apple Software Update
2008-08-04 17:27:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-04 17:27:38 0 d-------- C:\Program Files\Fichiers communs\Apple
2008-08-04 17:27:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-04 13:39:58 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-08-04 13:39:58 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-08-04 13:39:58 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-08-04 13:39:58 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-08-04 13:39:58 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-08-04 13:39:58 0 d-------- C:\Program Files\AVSMedia
2008-08-04 13:36:44 0 d-------- C:\Downloads
2008-08-04 13:31:29 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\AVS4YOU
2008-08-04 13:31:26 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-04 13:30:44 0 d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-08-04 13:30:24 0 d-------- C:\Program Files\AVS4YOU
2008-08-04 13:29:07 0 d-------- C:\Program Files\FlashGet
2008-08-04 13:21:30 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\vlc
2008-08-04 13:21:14 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Media Player Classic
2008-08-04 13:18:16 0 d-------- C:\Program Files\VideoLAN
2008-08-04 12:02:40 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-04 12:02:31 0 d-------- C:\Program Files\Windows Live
2008-08-04 12:02:22 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-03 23:31:28 32768 --a------ C:\WINDOWS\system32\CMUdaProp3.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-08-03 23:31:28 262144 --a------ C:\WINDOWS\system32\CMRMDRV3.exe <Not Verified; C-Media Corporation; CmiRemoveDriver Application>
2008-08-03 23:31:28 28672 --a------ C:\WINDOWS\system32\CMRMDRV3.dll
2008-08-03 23:31:28 917504 --a------ C:\WINDOWS\system\CMDS3D3.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\AUDIO3D3.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:31:28 712704 --a------ C:\WINDOWS\system\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-08-03 23:30:36 274432 --a------ C:\WINDOWS\CmiPCIUninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2008-08-03 23:30:26 1405632 --a------ C:\WINDOWS\system32\drivers\cmudax3.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-08-03 23:30:25 36864 --a------ C:\WINDOWS\system32\cmudax3.DLL <Not Verified; C-Media Electronics Ins.; C-Media PCI Audio>
2008-08-03 23:30:25 0 d-------- C:\Program Files\C-Media PCI Audio
2008-08-03 23:28:45 0 d-------- C:\Program Files\QuickZip4
2008-08-03 23:11:48 0 d-------- C:\Program Files\ma-config.com
2008-08-03 23:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-03 22:52:22 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-08-03 20:55:42 0 d--hs---- C:\WINDOWS\Installer
2008-08-03 20:55:41 0 d-------- C:\Program Files\Fichiers communs\ODBC
2008-08-03 20:55:38 0 dr------- C:\Program Files
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs
2008-08-03 20:55:38 0 d-------- C:\Program Files\Fichiers communs\SpeechEngines
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\Default User\Modèles
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Mes documents
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-08-03 20:55:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Favoris
2008-08-03 20:55:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\Default User\Bureau
2008-08-03 20:55:14 0 d--h----- C:\Documents and Settings\All Users\Modèles
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Favoris
2008-08-03 20:55:14 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-03 20:55:14 0 d-------- C:\Documents and Settings\All Users\Bureau
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-03 20:55:01 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-03 20:54:55 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-03 20:54:55 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-03 20:54:32 0 d-------- C:\Documents and Settings
2008-08-03 20:54:31 0 d--hs---- C:\System Volume Information
2008-08-03 20:48:33 0 d-------- C:\WINDOWS
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\WinSxS
2008-08-03 20:48:33 0 dr------- C:\WINDOWS\Web
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\twain_32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wins
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\wbem
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\usmt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\spool
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\Setup
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ras
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\oobe
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\npp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\IME
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\ias
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\export
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-03 20:48:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\3076
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\2052
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1054
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1042
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1041
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1037
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1036
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1033
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1031
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1028
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system32\1025
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\system
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\security
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Resources
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\repair
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Provisioning
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\PeerNet
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\pchealth
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\mui
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msapps
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\msagent
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Media
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\java
2008-08-03 20:48:33 0 d--h----- C:\WINDOWS\inf
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\ime
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Help
2008-08-03 20:48:33 0 dr--s---- C:\WINDOWS\Fonts
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Driver Cache
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Debug
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Cursors
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\Config
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\AppPatch
2008-08-03 20:48:33 0 d-------- C:\WINDOWS\addins
2008-08-03 19:56:25 0 d-------- C:\Program Files\Alwil Software
2008-08-03 19:53:43 0 d-------- C:\Program Files\Funcom
2008-08-03 19:52:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-08-03 19:40:08 0 d-------- C:\WINDOWS\system32\fr-fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\fr
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\system32\bits
2008-08-03 19:40:07 0 d-------- C:\WINDOWS\l2schemas
2008-08-03 19:39:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-03 19:37:37 0 d-------- C:\WINDOWS\network diagnostic
2008-08-03 19:36:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-03 19:34:57 0 d-------- C:\WINDOWS\EHome
2008-08-03 19:30:25 0 d-------- C:\WINDOWS\nview
2008-08-03 19:30:00 0 d-------- C:\NVIDIA
2008-08-03 19:25:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-03 19:25:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-03 19:23:41 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Adobe
2008-08-03 19:23:32 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Macromedia
2008-08-03 19:22:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-03 19:22:41 0 d---s---- C:\Documents and Settings\Wroblevski\UserData
2008-08-03 19:21:55 0 d-------- C:\Program Files\Broadcom
2008-08-03 19:21:45 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-03 19:21:45 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2008-08-03 19:21:35 0 d-------- C:\dell
2008-08-03 19:11:26 0 d-------- C:\Documents and Settings\Wroblevski\Application Data\Identities
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage réseau
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Voisinage d'impression
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\SendTo
2008-08-03 19:11:17 1572864 --ah----- C:\Documents and Settings\Wroblevski\NTUSER.DAT
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Modèles
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Mes documents
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Menu Démarrer
2008-08-03 19:11:17 0 d--h----- C:\Documents and Settings\Wroblevski\Local Settings
2008-08-03 19:11:17 0 dr------- C:\Documents and Settings\Wroblevski\Favoris
2008-08-03 19:11:17 0 d---s---- C:\Documents and Settings\Wroblevski\Cookies
2008-08-03 19:11:17 0 d-------- C:\Documents and Settings\Wroblevski\Bureau
2008-08-03 19:11:17 0 dr-h----- C:\Documents and Settings\Wroblevski\Application Data
2008-08-03 19:09:06 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-03 19:09:05 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-03 19:09:04 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-03 19:09:04 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-08-03 19:09:04 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-03 19:09:04 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-03 19:08:39 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-03 19:08:39 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-03 19:08:39 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-03 19:08:39 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-03 19:06:22 0 d-------- C:\WINDOWS\system32\xircom
2008-08-03 19:06:20 262144 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-03 19:06:03 0 -rahs---- C:\MSDOS.SYS
2008-08-03 19:06:03 0 -rahs---- C:\IO.SYS
2008-08-03 19:06:03 0 --a------ C:\CONFIG.SYS
2008-08-03 19:06:03 0 --a------ C:\AUTOEXEC.BAT
2008-08-03 19:05:13 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-03 19:05:05 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-03 19:05:05 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-03 19:04:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-03 19:04:52 0 d-------- C:\Program Files\Services en ligne
2008-08-03 19:04:37 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-03 19:04:08 0 d---s---- C:\WINDOWS\Tasks
2008-08-03 19:04:08 0 d-------- C:\Program Files\Fichiers communs\MSSoap
2008-08-03 19:04:02 0 d-------- C:\WINDOWS\srchasst
2008-08-03 19:04:01 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-03 19:03:51 0 d-------- C:\Program Files\Movie Maker
2008-08-03 19:03:40 0 d-------- C:\WINDOWS\system32\Restore
2008-08-03 19:03:05 23032 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-03 19:02:50 0 d-------- C:\WINDOWS\Registration
2008-08-03 19:02:18 0 d-------- C:\Program Files\Messenger
2008-08-03 19:02:15 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-03 19:01:42 0 d-------- C:\Program Files\Windows NT
2008-08-03 19:01:39 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-03 19:01:38 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-08-06 13:36:19 367658 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-08-06 13:36:19 48616 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-08-04 13:21:17 1097 --a------ C:\Documents and Settings\Wroblevski\Application Data\QuickZip45.ini
2008-08-03 20:55:14 62 --ahs---- C:\Documents and Settings\Wroblevski\Application Data\desktop.ini
2008-08-03 19:37:26 252240 -rahs---- C:\ntldr
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
06.08.2008 12:29 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16.05.2008 14:01]
"nwiz"="nwiz.exe" [16.05.2008 14:01 C:\WINDOWS\system32\nwiz.exe]
"CmPCIaudio"="CMICNFG3.cpl" []
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [25.09.2007 10:10]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22.07.2008 20:42]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.07.2008 10:47]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [20.03.2008 20:23]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [14.12.2007 11:36]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [27.06.2008 16:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16.05.2008 14:01]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25.04.2008 18:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 04:34]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07.07.2008 09:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
-- End of Deckard's System Scanner: finished at 2008-08-07 14:21:42 ------------
thanks
Re,
I think the problem comes from the infection.
Open Spybot, click the Mode tab and choose Advanced Mode.
Ignore the warning.
At the bottom left, click Tools.
Still in the left-hand column, click Resident (not in the central pane).
And untick the Resident "TeaTimer" option.
1) Run HijackThis again (right-click -> Run as administrator on Vista), click "Do a system scan only", and tick these lines (if present):
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Close all running applications (especially your web browser).
Then Fix Checked! N.B.: It is very important to close all running applications and to disconnect from the Internet before fixing with HijackThis, otherwise they may interfere with the results of the procedure.
Restart the PC so the changes take effect.
2) First I want to be sure you can see hidden files/folders:
[~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply -> OK
[~] Go to My Computer / Tools / Folder Options / View / untick Hide protected operating system files / Apply -> OK
You will re-tick it afterwards.
[~] My Computer / Tools / Folder Options / View / untick Hide extensions for known file types / Apply -> OK
Delete the following file:
C:\WINDOWS\system32\blphccshj0e99l.scr
3) Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restart in Safe Mode
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
4) Post a new DSS scan, main.txt
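Added example, not part of the original post and not a tool from it: a small Python script that triages HijackThis and DSS lines for the persistence indicators the helper fixed by hand, then writes a .reg file that undoes the registry side. It assumes the standard Windows locations behind the O21 (ShellServiceObjectDelayLoad) and O24 (Internet Explorer\Desktop\Components) sections and the HKCU Policies\System key from the DSS dump; NoDispBackgroundPage and NoDispScrSavPage are the documented policies that hide the Background and Screen Saver tabs of Display Properties, which is why the wallpaper could not be changed through the GUI. The sample lines are copied from the logs above, with one legitimate O4 line added as a control that must not fire.

```python
"""Triage of HijackThis / DSS log lines for rogue-AV persistence.

Added example for this thread, not a tool from the original post. Key paths
are the standard Windows locations behind HijackThis' O21/O24 sections.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the thread's HijackThis output and DSS
# registry dump, plus a legitimate O4 line as a control that must not fire.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O21 - SSODL: xokvrpwg - {1F894B93-1EB9-4A46-BB65-5C49DE717783} - (no file)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"""

# Registry keys behind the HijackThis sections (assumed standard locations).
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
DESKTOP_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
# Policies that hide tabs of Display Properties (or the applet itself).
DISPLAY_POLICIES = {"NoDispCPL", "NoDispBackgroundPage", "NoDispScrSavPage",
                    "NoDispAppearancePage", "NoDispSettingsPage"}

SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
DESKTOP_RE = re.compile(r"^O24 - Desktop Component (?P<idx>\d+): .*? - (?P<src>\S+)$")
SERVICE_RE = re.compile(r"^O23 - Service: .* - (?P<target>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")          # DSS registry dump key header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=')               # DSS registry dump value line


@dataclass
class Finding:
    indicator: str
    line: str
    reg_stanzas: list = field(default_factory=list)  # .reg text that undoes it
    file_to_remove: str = ""                         # on-disk payload, if any


def triage(log_text):
    """Return a Finding for every line matching a known persistence indicator."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key").lower()          # context for value lines
        elif (m := VALUE_RE.match(line)) and current_key.endswith(r"\policies\system") \
                and m.group("name") in DISPLAY_POLICIES:
            findings.append(Finding("Display Properties locked by policy", line,
                                    ['[{}]\n"{}"=-'.format(POLICY_KEY, m.group("name"))]))
        elif (m := SSODL_RE.match(line)) and m.group("target") == "(no file)":
            # Orphaned shell service object: remove the SSODL value and its CLSID key.
            findings.append(Finding("SSODL entry with no backing file", line, [
                '[{}]\n"{}"=-'.format(SSODL_KEY, m.group("name")),
                "[-HKEY_CLASSES_ROOT\\CLSID\\{}]".format(m.group("clsid"))]))
        elif (m := DESKTOP_RE.match(line)) and m.group("src").lower().startswith("file:///"):
            # Active Desktop wallpaper rendered from a local HTML file: the fake warning.
            findings.append(Finding("Active Desktop component served from a local file", line,
                                    ["[-{}\\{}]".format(DESKTOP_KEY, m.group("idx"))],
                                    m.group("src")[len("file:///"):]))
        elif (m := SERVICE_RE.match(line)) and m.group("target").endswith("(file missing)"):
            findings.append(Finding("Service whose binary is missing (review)", line))
        elif APPINIT_RE.match(line):
            findings.append(Finding("AppInit_DLLs set (review every DLL)", line))
    return findings


def remediation_reg(findings):
    """Build a .reg file: "Name"=- deletes a value, [-Key] deletes a whole key."""
    stanzas = [s for f in findings for s in f.reg_stanzas]
    return "Windows Registry Editor Version 5.00\n\n" + "\n\n".join(stanzas) + "\n"


def files_to_remove(findings):
    return [f.file_to_remove for f in findings if f.file_to_remove]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print("[{}] {}".format(f.indicator, f.line))
    print(remediation_reg(found))
    print("Files to delete after confirming the path:", files_to_remove(found))
```

The O23 and O20 findings are review items only: the thread's AppInit_DLLs entries belong to Kaspersky and the missing iPod service binary is an Apple leftover, so nothing is generated for them. The generated .reg covers the O21 and O24 entries the helper asked HijackThis to fix, plus the two Display Properties policies from the DSS dump; import it only after checking each path, and remove the referenced HTML file and the .scr from the post by hand.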