PC stops working after 3 hours of use
So here it is,
For almost 6 months now, I have had a virus that downloaded a kind of fake antivirus onto my machine and prevented me from opening any of my applications, except the Internet. Thanks to Google I was able to remove this virus, but since then I have been having a huge problem. After about 3 to 3.5 hours of use, my PC stops working. If I am browsing the web, all the characters overlap each other and the blue bar at the top disappears. If I close the window and try to click on an application, I get an error or the application's icon turns blank. In addition, when this problem occurs, the word "Start" on the Start bar no longer displays and the blue bar at the bottom becomes unusable.
Here are some of the error messages I get:
- L'application n'a pas réussi à s'initialiser correctement (0xc000012d). Cliquez sur OK pour arrêter l'application.
- L'application n'a pas réussi à s'initialiser correctement (0xc0000044). Cliquez sur OK pour arrêter l'application.
- L'application ou la DLL C:\Program Files\Mozilla Firefox\xul.dll n'est pas une image Windows valide.
- Le quota disponible est insuffisant pour traiter cette demande.
- L'application ou la DLL C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.4053_x_ww_e6967989\MSVOR80.dll n'est pas une image Windows valide.
- L'application ou la DLL C:\windows\system32\ole32.dll n'est pas une image Windows valide.
- Ressources systèmes insuffisantes pour terminer le service demandé.
- [...] n'est pas une application win32 valide.
About 2 months ago, the computer refused to boot. I took it to a technician. He got it to start normally, but did not fix my problem. A week ago I went back to the technician and he was unable to fix my problem. Please note that I am using an Administrator account and that all rights are enabled on that account. Please help me, I don't know what else to do.
Thanks,
Matt
Also, before, the clock shown at the bottom right of the screen stayed frozen at the exact time the computer bugged out. However, since I removed a few programs it no longer freezes, but the problem remains. When I restart the computer, everything works correctly, until after 3 hours / 3.5 hours.
Hello
Here is what I suggest:
We'll check whether there are any leftovers of the infection, but if I see nothing obvious, you'll post in the hardware section to have your hardware checked...
1
Download DDS and save it to your desktop.
Disable any script-blocking software, such as an antivirus or a program like Ad-Block, NoScript, etc.
Double-click dds.scr to launch the tool.
Once the scan has finished, a text document, DDS.txt, will open.
Click Yes at the next Optional Scan prompt.
Save both reports to your desktop and post only DDS.txt for me.
2
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
IMPORTANT: If your antivirus raises an alert for the file gmer.sys or gmer.exe, allow it to run.
Click the "Rootkit" tab.
On the right, check everything.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and post its contents here.
++++++++++++++++++++++++
Thank you very much for taking care of my case.
So here are the files:
DDS:
DDS (Ver_10-11-27.01) - NTFSx86
Run by Andr‚ at 17:16:41,84 on 2010-11-27
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1014.380 [GMT -5:00]
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\StkASv2K.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Andre\Bureau\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = ${URL_SEARCHPAGE}
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar =
mSearch Page = ${URL_SEARCHPAGE}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
uURLSearchHooks: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
BHO: {3d0057a9-f084-429b-a8b0-ad5fd7b03b9b} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [ArcSoft Connection Service] c:\program files\fichiers communs\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\andre\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\program files\fichiers communs\pc tools\lsp\PCTLsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/...
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://152.1.131.130/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRjgDts
LSA: Notification Packages = scecli AsWlnPkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\andre\application data\mozilla\firefox\profiles\kzakl3kh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\andre\application data\mozilla\firefox\profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\flashplugin@idm
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: FoxReplace: fox@replace.fx - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\fox@replace.fx
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-26 207280]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-15 165584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 198608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-12 47640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2010-11-27 02:22:47 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2010-11-27 02:22:47 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-11-27 02:22:47 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-11-27 02:22:45 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-27 02:21:16 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
2010-11-27 02:21:04 61440 ----a-w- c:\windows\system32\MMCEDT.exe
2010-11-27 02:20:59 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\ArcSoft
2010-11-27 02:20:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-11-27 02:20:36 400128 ----a-w- c:\windows\system32\MSLUP60.dll
2010-11-27 02:20:36 256768 ----a-w- c:\windows\system32\MSLURT.dll
2010-11-26 13:39:18 -------- d-----w- c:\program files\Velvetmatter
2010-11-23 12:52:53 -------- d-----w- c:\program files\ESET
2010-11-23 00:29:08 -------- d-----w- c:\docume~1\andre\applic~1\Process Hacker 2
2010-11-21 20:06:12 -------- d-----w- c:\program files\Noel Danjou
2010-11-21 20:04:17 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2010-11-21 20:04:03 692224 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-11-21 20:04:03 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
2010-11-21 20:04:03 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-11-21 20:04:03 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
2010-11-21 20:04:03 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
2010-11-21 20:04:02 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
2010-11-21 20:04:02 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-11-21 19:49:39 -------- d-----w- c:\program files\USB_video_device
2010-11-21 19:02:37 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\VHS to DVD
2010-11-21 18:51:52 -------- d-----w- c:\program files\fichiers communs\InterVideo
2010-11-21 18:51:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-11-21 18:51:39 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-21 18:51:39 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-21 18:51:38 26136 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-21 18:51:38 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-21 18:51:38 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-21 18:51:38 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-21 18:51:32 212992 ----a-w- c:\program files\fichiers communs\installshield\engine\6\intel 32\ILog.dll
2010-11-21 18:48:53 -------- d-----w- c:\program files\Ulead Systems
2010-11-21 18:48:53 -------- d-----w- c:\program files\fichiers communs\Ulead Systems
2010-11-21 18:17:23 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2010-11-21 18:16:50 -------- d-----w- c:\program files\honestech
2010-11-21 18:15:25 84616 ----a-w- c:\windows\StkUnist.exe
2010-11-21 18:15:25 76424 ----a-w- c:\windows\system32\StkCWIA.dll
2010-11-21 18:15:25 55944 ----a-w- c:\windows\system32\StkSSrv.dll
2010-11-21 18:15:25 347152 ----a-w- c:\windows\VideoView.exe
2010-11-21 18:15:25 31368 ----a-w- c:\windows\system32\StkCSrv.exe
2010-11-21 18:15:25 236168 ----a-w- c:\windows\system32\StkCProp.ax
2010-11-21 18:15:25 113288 ----a-w- c:\windows\StkC112X.exe
2010-11-21 18:15:24 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2010-11-21 18:15:24 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-11-21 18:15:22 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-11-21 18:15:22 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
2010-10-29 01:24:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 01:24:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-29 01:24:28 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
==================== Find3M ====================
2010-10-21 22:48:32 1294336 ----a-w- c:\windows\system32\SET115.tmp
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23:26 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:24 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:24 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:24 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:51 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55:16 1852928 ------w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
============= FINISH: 17:18:05,54 ===============
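As an added example (not part of this thread, and not a tool from the DDS or GMER authors), here is a small Python triage script for the kind of DDS report posted above. It applies a handful of defender-side rules to the log lines: antivirus products reported as disabled or outdated, browser add-on entries pointing at "No File", LSA authentication/notification packages beyond the Windows XP defaults (msv1_0 and scecli are assumed to be the defaults), non-default hosts-file entries, and services or drivers whose image file DDS marks as missing with "[?]", with a higher severity when such a driver has no descriptive display name. The rules and severities are my own heuristics, and the sample lines are copied from the log above; a flagged line is a lead for the helper to verify, not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt: entry lines copied from the DDS log posted in this thread,
# trimmed to the sections the triage rules below look at. DDS prints many more
# sections; lines the rules do not recognise pass through untouched.
SAMPLE_DDS = r"""
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRjgDts
LSA: Notification Packages = scecli AsWlnPkg
Hosts: 127.0.0.1 www.spywareinfo.com
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
"""

# Assumed Windows XP defaults for the two LSA package lists. Anything beyond
# them is loaded into lsass.exe at boot; vendors do add entries, so "verify".
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
DEFAULT_NOTIFY_PACKAGES = {"scecli"}

# DDS service lines: R/S (running/stopped), start type digit, name;display;path
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    category: str   # short machine-friendly tag
    line: str       # the DDS line that triggered the rule


def looks_missing(tail: str) -> bool:
    """DDS prints '[?]' when the service's image path does not exist on disk."""
    return tail.rstrip().endswith("[?]")


def triage_line(line: str):
    """Apply the triage rules to one DDS line; return a Finding or None."""
    if line.startswith("AV:") and ("scanning disabled" in line or "(Outdated)" in line):
        return Finding("high", "av-not-protecting", line)
    if (line.startswith("BHO:") or line.startswith("TB:")) and line.endswith("- No File"):
        # Registry points at a DLL that no longer exists: harmless, but a cleanup item.
        return Finding("low", "orphaned-browser-addon", line)
    if line.startswith("LSA: Authentication Packages"):
        extras = set(line.split("=", 1)[1].split()) - DEFAULT_AUTH_PACKAGES
        if extras:
            return Finding("high", "lsa-extra-auth-package", line)
    if line.startswith("LSA: Notification Packages"):
        extras = set(line.split("=", 1)[1].split()) - DEFAULT_NOTIFY_PACKAGES
        if extras:
            return Finding("medium", "lsa-extra-notify-package", line)
    if line.startswith("Hosts:"):
        # DDS lists only non-default hosts entries; a loopback override of a
        # security site is a common sign that updates or cleanup tools were blocked.
        return Finding("medium", "hosts-override", line)
    m = SERVICE_RE.match(line)
    if m and looks_missing(m.group(5)):
        name, display = m.group(3), m.group(4)
        # A driver registered with no descriptive display name, whose file is
        # gone, matches the leftover pattern of a randomly named driver.
        if name == display:
            return Finding("high", "missing-driver-no-display-name", line)
        return Finding("medium", "missing-service-file", line)
    return None


def triage(text: str):
    """Run every line of a DDS report through the rules; return all findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 3, 'low': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.category:32} {f.line[:70]}")
    print(summarize(triage(SAMPLE_DDS)))
```

Run against the excerpt, the script reports four high findings (both antivirus products disabled and outdated, the extra LSA authentication package, the boot-start driver with a missing file and no display name), three medium ones and two low ones. The "[?]" rule deliberately keeps the AVG driver at medium: its file is missing too, but it carries a vendor display name, so it reads as an uninstall leftover rather than a random-name driver. Feed the full DDS.txt to triage() to get the same list for a whole report.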
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar =
mSearch Page = ${URL_SEARCHPAGE}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
uURLSearchHooks: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
BHO: {3d0057a9-f084-429b-a8b0-ad5fd7b03b9b} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: PHPNukeFR Toolbar: {1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\phpnukefr\tbPHP1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {A057A204-BACC-4D26-9A9E-3AF287E2699B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [ArcSoft Connection Service] c:\program files\fichiers communs\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\totalm~1.lnk - c:\program files\arcsoft\totalmedia extreme\backup & recorder\uBBMonitor.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\andre\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\program files\fichiers communs\pc tools\lsp\PCTLsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/...
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://152.1.131.130/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-caf.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\rqRjgDts
LSA: Notification Packages = scecli AsWlnPkg
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\andre\application data\mozilla\firefox\profiles\kzakl3kh.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\andre\application data\mozilla\firefox\profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\flashplugin@idm
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: FoxReplace: fox@replace.fx - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\fox@replace.fx
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\andre\applic~1\mozilla\firefox\profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-26 207280]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-15 165584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 198608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-12 47640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-9 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe --> c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-9 40384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2010-11-27 02:22:47 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2010-11-27 02:22:47 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-11-27 02:22:47 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-11-27 02:22:45 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-27 02:21:16 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
2010-11-27 02:21:04 61440 ----a-w- c:\windows\system32\MMCEDT.exe
2010-11-27 02:20:59 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\ArcSoft
2010-11-27 02:20:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-11-27 02:20:36 400128 ----a-w- c:\windows\system32\MSLUP60.dll
2010-11-27 02:20:36 256768 ----a-w- c:\windows\system32\MSLURT.dll
2010-11-26 13:39:18 -------- d-----w- c:\program files\Velvetmatter
2010-11-23 12:52:53 -------- d-----w- c:\program files\ESET
2010-11-23 00:29:08 -------- d-----w- c:\docume~1\andre\applic~1\Process Hacker 2
2010-11-21 20:06:12 -------- d-----w- c:\program files\Noel Danjou
2010-11-21 20:04:17 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2010-11-21 20:04:03 692224 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-11-21 20:04:03 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
2010-11-21 20:04:03 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-11-21 20:04:03 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
2010-11-21 20:04:03 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
2010-11-21 20:04:02 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
2010-11-21 20:04:02 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-11-21 19:49:39 -------- d-----w- c:\program files\USB_video_device
2010-11-21 19:02:37 -------- d-----w- c:\docume~1\andre\locals~1\applic~1\VHS to DVD
2010-11-21 18:51:52 -------- d-----w- c:\program files\fichiers communs\InterVideo
2010-11-21 18:51:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-11-21 18:51:39 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-21 18:51:39 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-21 18:51:38 26136 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-21 18:51:38 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-21 18:51:38 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-21 18:51:38 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-21 18:51:32 212992 ----a-w- c:\program files\fichiers communs\installshield\engine\6\intel 32\ILog.dll
2010-11-21 18:48:53 -------- d-----w- c:\program files\Ulead Systems
2010-11-21 18:48:53 -------- d-----w- c:\program files\fichiers communs\Ulead Systems
2010-11-21 18:17:23 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2010-11-21 18:16:50 -------- d-----w- c:\program files\honestech
2010-11-21 18:15:25 84616 ----a-w- c:\windows\StkUnist.exe
2010-11-21 18:15:25 76424 ----a-w- c:\windows\system32\StkCWIA.dll
2010-11-21 18:15:25 55944 ----a-w- c:\windows\system32\StkSSrv.dll
2010-11-21 18:15:25 347152 ----a-w- c:\windows\VideoView.exe
2010-11-21 18:15:25 31368 ----a-w- c:\windows\system32\StkCSrv.exe
2010-11-21 18:15:25 236168 ----a-w- c:\windows\system32\StkCProp.ax
2010-11-21 18:15:25 113288 ----a-w- c:\windows\StkC112X.exe
2010-11-21 18:15:24 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2010-11-21 18:15:24 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-11-21 18:15:22 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-11-21 18:15:22 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
2010-10-29 01:24:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 01:24:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-29 01:24:28 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
==================== Find3M ====================
2010-10-21 22:48:32 1294336 ----a-w- c:\windows\system32\SET115.tmp
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23:26 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:24 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:24 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:24 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:51 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55:16 1852928 ------w- c:\windows\system32\win32k.sys
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
============= FINISH: 17:18:05,54 ===============
GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-27 19:55:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380815AS rev.3.CHF
Running: tsc7dp59.exe; Driver: C:\DOCUME~1\Andre\LOCALS~1\Temp\uwldipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xAA12F610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA9E32CF0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7324E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7305CDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7305ECE]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xAA12FC10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7325610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73258C4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA9E32782]
SSDT spob.sys ZwEnumerateKey [0xF7421DA4]
SSDT spob.sys ZwEnumerateValueKey [0xF7422132]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7323B14]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA9E326C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA9E32726]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xAA12F6D0]
SSDT spob.sys ZwQueryKey [0xF742220A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA9E32DA6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7325D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA9E32D66]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xAA12F690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xAA12F650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xAA12F7D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73250E2]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xAA12F510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xAA12F590]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7305982]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xAA12F5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xAA12F750]
INT 0x62 ? 86BD8BF8
INT 0x63 ? 86918BF8
INT 0x73 ? 86918BF8
INT 0x82 ? 86BD8BF8
INT 0x83 ? 86918BF8
INT 0xB4 ? 86918BF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA9E3F9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA9E3FB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FE9 80504885 7 Bytes [59, 30, F7, D0, F5, 12, AA]
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A9E3FB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A9E3F9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A9E3B5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A9E3CFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spob.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload F60FC8AC 5 Bytes JMP 869181D8
init C:\windows\System32\Drivers\ArcRec.SYS entry point in "init" section [0xF7B4D138]
? C:\DOCUME~1\Andre\LOCALS~1\Temp\mbr.sys Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1252] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F740A042] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F740A13E] spob.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F740A0C0] spob.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F740A800] spob.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F740A6D6] spob.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7419B90] spob.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\windows\system32\services.exe[1964] @ C:\windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\windows\system32\services.exe[1964] @ C:\windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86BD71F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{0E97A1A8-FA55-41CF-B4CA-E15ECF7D3E25} 860281F8
Device \Driver\usbuhci \Device\USBPDO-0 868221F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86B651F8
Device \Driver\dmio \Device\DmControl\DmConfig 86B651F8
Device \Driver\dmio \Device\DmControl\DmPnP 86B651F8
Device \Driver\dmio \Device\DmControl\DmInfo 86B651F8
Device \Driver\usbuhci \Device\USBPDO-1 868221F8
Device \Driver\usbuhci \Device\USBPDO-2 868221F8
Device \Driver\usbuhci \Device\USBPDO-3 868221F8
Device \Driver\usbehci \Device\USBPDO-4 869001F8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86BD91F8
Device \Driver\Cdrom \Device\CdRom0 867F71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F733CB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 867F71F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 860281F8
Device \Driver\NetBT \Device\NetbiosSmb 860281F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B361863F-C304-4AFC-83C7-0F907B416EE5} 860281F8
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 868221F8
Device \Driver\usbuhci \Device\USBFDO-1 868221F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85FF81F8
Device \Driver\usbuhci \Device\USBFDO-2 868221F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85FF81F8
Device \Driver\usbuhci \Device\USBFDO-3 868221F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{36625128-4C12-424B-AB32-07485E4B812F} 860281F8
Device \Driver\usbehci \Device\USBFDO-4 869001F8
Device \Driver\Ftdisk \Device\FtControl 86BD91F8
Device \FileSystem\Cdfs \Cdfs 86698430
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x94 0xE6 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x94 0xE6 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}@hapbfpdpjgnibnho 0x6A 0x61 0x6A 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}@iafldilakpibmgnmgn 0x63 0x61 0x6C 0x67 ...
---- EOF - GMER 1.0.15 ----
Good evening,
Indeed, there are still some leftovers...
But first choose between your antiviruses avast/ESET: a single antivirus is enough!!!
Read: Consequences of multi-protection
+
Tutorial: uninstalling an antivirus (use the remove tool to get rid of the AVG8 leftovers as well)
++++++++++++++++++++
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
Combofix
Save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts and wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit "Select all", Edit "Copy"
Come back to the forum and Edit "Paste"
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
<@_@>
ComboFix 10-11-29.03 - André 2010-11-29 19:23:50.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1014.448 [GMT -5:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Andre\Application Data\inst.exe
c:\program files\MSNCS
c:\program files\MSNCS\data\emxfile001.dat
c:\program files\MSNCS\data\msnusr.ini
c:\program files\MSNCS\data\ps_demo_report.html
c:\program files\MSNCS\data\testftpok.html
c:\program files\MSNCS\help.chm
c:\program files\MSNCS\License.txt
c:\program files\MSNCS\readme.txt
c:\program files\MSNCS\unins000.dat
c:\program files\MSNCS\unins000.exe
c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\msnappini.ini
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat
c:\windows\system32\win32.dll
c:\windows\wpe pro.INI
c:\windows\XSxS
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-28 au 2010-11-30 ))))))))))))))))))))))))))))))))))))
.
2010-11-30 00:00 . 2010-11-30 00:00 -------- d-----w- c:\program files\Unlocker
2010-11-27 02:22 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-11-27 02:22 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-11-27 02:22 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2010-11-27 02:22 . 2005-02-23 19:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-27 02:21 . 2009-08-13 16:45 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
2010-11-27 02:21 . 2008-08-08 21:31 61440 ----a-w- c:\windows\system32\MMCEDT.exe
2010-11-27 02:20 . 2010-11-27 02:23 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\ArcSoft
2010-11-27 02:20 . 2010-11-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-11-27 02:20 . 2010-11-27 02:20 -------- d-----w- c:\program files\ArcSoft
2010-11-27 02:20 . 2007-04-19 14:39 256768 ----a-w- c:\windows\system32\MSLURT.dll
2010-11-27 02:20 . 2007-04-19 14:39 400128 ----a-w- c:\windows\system32\MSLUP60.dll
2010-11-26 13:39 . 2010-11-26 13:39 -------- d-----w- c:\program files\Velvetmatter
2010-11-23 00:29 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Andre\Application Data\Process Hacker 2
2010-11-21 20:06 . 2010-11-21 20:06 -------- d-----w- c:\program files\Noel Danjou
2010-11-21 20:04 . 2006-05-24 04:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2010-11-21 20:04 . 2002-12-05 19:12 692224 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-21 20:04 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-21 20:04 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-21 20:04 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-21 20:04 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-21 20:04 . 2010-11-21 20:04 282756 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-21 20:04 . 2010-11-21 20:04 163972 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\DIFX
2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\USB_video_device
2010-11-21 19:02 . 2010-11-21 19:02 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\VHS to DVD
2010-11-21 18:52 . 2010-11-21 18:53 -------- d-----w- c:\documents and settings\Andre\Application Data\Ulead Systems
2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\program files\Fichiers communs\InterVideo
2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-11-21 18:51 . 2007-03-06 16:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-21 18:51 . 2007-03-06 16:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-21 18:51 . 2007-03-06 16:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-21 18:51 . 2007-03-06 16:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-21 18:51 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-21 18:48 . 2010-11-21 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-11-21 18:48 . 2010-11-21 18:50 -------- d-----w- c:\program files\Fichiers communs\Ulead Systems
2010-11-21 18:48 . 2010-11-21 18:48 -------- d-----w- c:\program files\Ulead Systems
2010-11-21 18:17 . 2010-11-21 18:17 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2010-11-21 18:16 . 2010-11-21 18:16 -------- d-----w- c:\program files\honestech
2010-11-21 18:15 . 2010-04-16 18:59 236168 ----a-w- c:\windows\system32\StkCProp.ax
2010-11-21 18:15 . 2010-03-30 01:35 84616 ----a-w- c:\windows\StkUnist.exe
2010-11-21 18:15 . 2010-03-27 01:24 55944 ----a-w- c:\windows\system32\StkSSrv.dll
2010-11-21 18:15 . 2010-03-27 01:24 76424 ----a-w- c:\windows\system32\StkCWIA.dll
2010-11-21 18:15 . 2010-03-27 01:23 31368 ----a-w- c:\windows\system32\StkCSrv.exe
2010-11-21 18:15 . 2010-03-27 01:23 113288 ----a-w- c:\windows\StkC112X.exe
2010-11-21 18:15 . 2009-06-11 20:15 347152 ----a-w- c:\windows\VideoView.exe
2010-11-21 18:15 . 2010-05-28 22:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2010-11-21 18:15 . 2009-05-03 20:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-11-21 18:15 . 2010-06-07 21:02 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-11-21 18:15 . 2010-03-26 20:43 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 01:24 . 2010-10-29 01:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 01:24 . 2010-10-29 01:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 22:48 . 2010-10-21 22:48 1294336 ----a-w- c:\windows\system32\SET115.tmp
2010-10-19 20:51 . 2010-07-20 18:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-30 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-30 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-19 21:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2004-08-19 21:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:50 . 2004-08-19 21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-07 15:12 . 2010-10-09 16:01 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-01-25 22:05 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-01-25 22:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-04-15 23:20 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-01-25 22:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-01-25 22:05 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-01-25 22:05 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-04-15 23:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-01-25 22:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 11:51 . 2004-08-19 21:08 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2004-08-19 21:00 1852928 ------w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-27 274224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-26 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 23:45 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Andre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-03-20 17:19 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-08-19 14:15 1217784 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-11-27 02:02 274224 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmDedicatedServer\\TrackManiaServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
"c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"56838:TCP"= 56838:TCP:Pando Media Booster
"56838:UDP"= 56838:UDP:Pando Media Booster
"47624:TCP"= 47624:TCP:Yay
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-04-26 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-16 691696]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-15 165584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-08-03 95896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-15 17744]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-04-26 198608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-04-26 365280]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - ArcRec
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]
2009-08-11 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-08 16:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Andre\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: FoxReplace: fox@replace.fx - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\fox@replace.fx
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- FIREFOX SETTINGS ----
pref(dom.disable_open_during_load, true);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
BHO-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
BHO-{3d0057a9-f084-429b-a8b0-ad5fd7b03b9b} - (no file)
Toolbar-SITEguard - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-DVA ACARS 2 - c:\program files\Delta Virtual\ACARSv2\DVA-ACARS2-Uninst.exe
AddRemove-HijackThis - j:\cleaning\HijackThis.exe
AddRemove-MOV to AVI MPEG WMV Converter_is1 - c:\program files\MOV to AVI MPEG WMV Converter\unins000.exe
AddRemove-PHPNukeFR Toolbar - c:\progra~1\PHPNUK~1\UNWISE.EXE
AddRemove-SUPER © - c:\progra~1\ERIGHT~1\SUPER\Setup.exe
AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\Free Video Cutter\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 19:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
"hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
67,67,00,22
"iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1956)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3968)
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-11-29 19:46:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-30 00:46
Pre-Run: 11,021,352,960 bytes free
Post-Run: 13,753,794,560 bytes free
- - End Of File - - EAF7D24261539942B430FEB453DA10FB
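A way to pull the findings a responder looks at first out of a log like the one above, mechanically. This is an added example, not part of the original post and not ComboFix code; it parses a few lines copied from the log (the boot-start service whose driver file is missing, the Find3M rows carrying the system+hidden attribute bits, the hex-encoded values under the locked registry key, and the firewall port openings). Two assumptions are marked in the code: the `[?]` marker is read as "image file not found on disk", and the attribute-column layout is inferred from the log's own rows.

```python
"""Triage a ComboFix log for the indicators a responder checks first.

Added example, not part of the original post or of ComboFix itself. The sample
below is a handful of lines copied from the posted log; the parsing and the
ranking rules are this example's own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines taken verbatim from the posted log.
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-04-26 207280]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-09-01 07:55 . 2004-08-19 21:00 1852928 ------w- c:\windows\system32\win32k.sys
[HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
"hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
67,67,00,22
"iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# "<start> <service>;<description>;<path>[ --> <resolved path>] [<date size> | ?]"
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);[^;]*;(.*?)(?: --> (.+?))? \[([^\]]*)\]$')
# "<date> [. <date>] <size|--------> <8 attribute chars> <path>"  (Files Created / Find3M rows)
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:\.\s+\d{4}-\d\d-\d\d \d\d:\d\d\s+)?(?:\d+|-+)\s+([-a-z]{8})\s+(.+)$')
HEXVAL_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP)(?::(.*))?$')

# Well-known services behind the numbers; the log only shows a resource-string reference for 3389.
KNOWN_PORTS = {3389: 'RDP (Remote Desktop)', 3306: 'MySQL', 445: 'SMB', 135: 'RPC'}


def find_missing_service_files(log: str) -> List[Tuple[str, str, str]]:
    """Return (start_type, service, path) for services whose image file is absent.
    Assumption: ComboFix writes 'path --> resolved [?]' when it cannot stat the file."""
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(5) == '?':
            out.append((m.group(1), m.group(2), m.group(4) or m.group(3)))
    return out


def suspicious_missing(entries: List[Tuple[str, str, str]]) -> List[str]:
    """Keep boot-start (R0/S0) entries and any service whose name differs from its
    file name. Orphaned AV leftovers (AvgLdx86 -> avgldx86.sys) drop out here."""
    out = []
    for start, svc, path in entries:
        stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].strip('"')
        if start.endswith('0') or svc.lower() != stem.lower():
            out.append(svc)
    return out


def find_hidden_system_files(log: str) -> List[str]:
    """Paths whose attribute column has both 's' (system) and 'h' (hidden) set.
    Column layout inferred from the log's own rows: 'd-----w-' directory,
    '-c--a-w-' compressed, '--sh--r-' system+hidden+read-only."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m and m.group(1)[2] == 's' and m.group(1)[3] == 'h':
            out.append(m.group(2))
    return out


def decode_locked_values(log: str) -> Dict[str, bytes]:
    """Decode '"name"=hex:aa,bb,...' values; a trailing comma means the byte
    list continues on the next line (a leading backslash there is tolerated)."""
    out, lines, i = {}, log.splitlines(), 0
    while i < len(lines):
        m = HEXVAL_RE.match(lines[i].strip())
        if m:
            name, data = m.group(1), m.group(2).strip()
            while data.endswith(',') and i + 1 < len(lines):
                i += 1
                data += lines[i].strip().lstrip('\\')
            out[name] = bytes(int(tok, 16) for tok in data.split(',') if tok)
        i += 1
    return out


def find_open_ports(log: str) -> List[Tuple[int, str, str]]:
    """(port, protocol, what listens there) for every GloballyOpenPorts entry."""
    out = []
    for line in log.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            port, proto, label = int(m.group(1)), m.group(2), (m.group(3) or '').strip()
            out.append((port, proto, KNOWN_PORTS.get(port, label)))
    return out


def triage(log: str) -> Dict[str, object]:
    """One summary a responder can read top to bottom."""
    missing = find_missing_service_files(log)
    return {
        'missing_service_files': missing,
        'suspicious_services': suspicious_missing(missing),
        'hidden_system_files': find_hidden_system_files(log),
        'locked_values': {k: v.split(b'\x00')[0].decode('ascii', 'replace')
                          for k, v in decode_locked_values(log).items()},
        'open_ports': find_open_ports(log),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

To use it on the real thing, read the whole ComboFix.txt and pass its text to triage(). On the lines above it singles out the S0 service with a random-looking name whose driver is no longer on disk (boot-start drivers load before any security product, so that is the first thing to chase), the three system+hidden DLLs in the Find3M report, and the two firewall openings. The decoded locked values are short runs of lowercase letters with a NUL terminator, not a path, CLSID or command, which together with the random value names is why a locked key like this deserves a look instead of being dismissed as an ordinary shell-extension approval.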
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1036.18.1014.448 [GMT -5:00]
Running from: c:\documents and settings\Andre\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Andre\Application Data\inst.exe
c:\program files\MSNCS
c:\program files\MSNCS\data\emxfile001.dat
c:\program files\MSNCS\data\msnusr.ini
c:\program files\MSNCS\data\ps_demo_report.html
c:\program files\MSNCS\data\testftpok.html
c:\program files\MSNCS\help.chm
c:\program files\MSNCS\License.txt
c:\program files\MSNCS\readme.txt
c:\program files\MSNCS\unins000.dat
c:\program files\MSNCS\unins000.exe
c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\msnappini.ini
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat
c:\windows\system32\win32.dll
c:\windows\wpe pro.INI
c:\windows\XSxS
.
((((((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-30 ))))))))))))))))))))))))))))))))))))
.
2010-11-30 00:00 . 2010-11-30 00:00 -------- d-----w- c:\program files\Unlocker
2010-11-27 02:22 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-11-27 02:22 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-11-27 02:22 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2010-11-27 02:22 . 2005-02-23 19:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-27 02:21 . 2009-08-13 16:45 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
2010-11-27 02:21 . 2008-08-08 21:31 61440 ----a-w- c:\windows\system32\MMCEDT.exe
2010-11-27 02:20 . 2010-11-27 02:23 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\ArcSoft
2010-11-27 02:20 . 2010-11-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-11-27 02:20 . 2010-11-27 02:20 -------- d-----w- c:\program files\ArcSoft
2010-11-27 02:20 . 2007-04-19 14:39 256768 ----a-w- c:\windows\system32\MSLURT.dll
2010-11-27 02:20 . 2007-04-19 14:39 400128 ----a-w- c:\windows\system32\MSLUP60.dll
2010-11-26 13:39 . 2010-11-26 13:39 -------- d-----w- c:\program files\Velvetmatter
2010-11-23 00:29 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Andre\Application Data\Process Hacker 2
2010-11-21 20:06 . 2010-11-21 20:06 -------- d-----w- c:\program files\Noel Danjou
2010-11-21 20:04 . 2006-05-24 04:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2010-11-21 20:04 . 2002-12-05 19:12 692224 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-21 20:04 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-21 20:04 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-21 20:04 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-21 20:04 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-21 20:04 . 2010-11-21 20:04 282756 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-21 20:04 . 2010-11-21 20:04 163972 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\DIFX
2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\USB_video_device
2010-11-21 19:02 . 2010-11-21 19:02 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\VHS to DVD
2010-11-21 18:52 . 2010-11-21 18:53 -------- d-----w- c:\documents and settings\Andre\Application Data\Ulead Systems
2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\program files\Fichiers communs\InterVideo
2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-11-21 18:51 . 2007-03-06 16:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-21 18:51 . 2007-03-06 16:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-21 18:51 . 2007-03-06 16:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-21 18:51 . 2007-03-06 16:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-21 18:51 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-21 18:48 . 2010-11-21 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-11-21 18:48 . 2010-11-21 18:50 -------- d-----w- c:\program files\Fichiers communs\Ulead Systems
2010-11-21 18:48 . 2010-11-21 18:48 -------- d-----w- c:\program files\Ulead Systems
2010-11-21 18:17 . 2010-11-21 18:17 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2010-11-21 18:16 . 2010-11-21 18:16 -------- d-----w- c:\program files\honestech
2010-11-21 18:15 . 2010-04-16 18:59 236168 ----a-w- c:\windows\system32\StkCProp.ax
2010-11-21 18:15 . 2010-03-30 01:35 84616 ----a-w- c:\windows\StkUnist.exe
2010-11-21 18:15 . 2010-03-27 01:24 55944 ----a-w- c:\windows\system32\StkSSrv.dll
2010-11-21 18:15 . 2010-03-27 01:24 76424 ----a-w- c:\windows\system32\StkCWIA.dll
2010-11-21 18:15 . 2010-03-27 01:23 31368 ----a-w- c:\windows\system32\StkCSrv.exe
2010-11-21 18:15 . 2010-03-27 01:23 113288 ----a-w- c:\windows\StkC112X.exe
2010-11-21 18:15 . 2009-06-11 20:15 347152 ----a-w- c:\windows\VideoView.exe
2010-11-21 18:15 . 2010-05-28 22:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2010-11-21 18:15 . 2009-05-03 20:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-11-21 18:15 . 2010-06-07 21:02 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-11-21 18:15 . 2010-03-26 20:43 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 01:24 . 2010-10-29 01:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 01:24 . 2010-10-29 01:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 22:48 . 2010-10-21 22:48 1294336 ----a-w- c:\windows\system32\SET115.tmp
2010-10-19 20:51 . 2010-07-20 18:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-30 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-30 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-19 21:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2004-08-19 21:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:50 . 2004-08-19 21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-07 15:12 . 2010-10-09 16:01 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-01-25 22:05 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-01-25 22:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-04-15 23:20 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-01-25 22:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-01-25 22:05 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-01-25 22:05 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-04-15 23:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-01-25 22:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-01 11:51 . 2004-08-19 21:08 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2004-08-19 21:00 1852928 ------w- c:\windows\system32\win32k.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-27 274224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-26 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 23:45 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Andre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-03-20 17:19 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-08-19 14:15 1217784 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-11-27 02:02 274224 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmDedicatedServer\\TrackManiaServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
"c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"56838:TCP"= 56838:TCP:Pando Media Booster
"56838:UDP"= 56838:UDP:Pando Media Booster
"47624:TCP"= 47624:TCP:Yay
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-04-26 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-16 691696]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-15 165584]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-08-03 95896]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-15 17744]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-04-26 198608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-04-26 365280]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: FoxReplace: fox@replace.fx - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\fox@replace.fx
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- PARAMETRES FIREFOX ----
pref(dom.disable_open_during_load, true);
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
BHO-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
BHO-{3d0057a9-f084-429b-a8b0-ad5fd7b03b9b} - (no file)
Toolbar-SITEguard - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{1c491116-c175-45e1-a570-6fb14fea8b7b} - c:\program files\PHPNukeFR\tbPHP1.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-DVA ACARS 2 - c:\program files\Delta Virtual\ACARSv2\DVA-ACARS2-Uninst.exe
AddRemove-HijackThis - j:\cleaning\HijackThis.exe
AddRemove-MOV to AVI MPEG WMV Converter_is1 - c:\program files\MOV to AVI MPEG WMV Converter\unins000.exe
AddRemove-PHPNukeFR Toolbar - c:\progra~1\PHPNUK~1\UNWISE.EXE
AddRemove-SUPER © - c:\progra~1\ERIGHT~1\SUPER\Setup.exe
AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\Free Video Cutter\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 19:40
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
"hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
67,67,00,22
"iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1956)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3968)
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2010-11-29 19:46:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-11-30 00:46
Avant-CF: 11 021 352 960 octets libres
Après-CF: 13 753 794 560 octets libres
- - End Of File - - EAF7D24261539942B430FEB453DA10FB
Re
I asked you to get rid of the leftovers of AVG 8 and ESET NOD32...
You didn't do it, so do it now.
http://assiste.forum.free.fr/viewtopic.php?t=14926
Copy (Ctrl+C) the text below:
Driver::
drmkdii
File::
c:\windows\system32\drivers\qweoyvaz.sys
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot
ComboFix starts; let it guide you.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will appear: post its contents, stating where your problems stand
If the file doesn't open, it's located here > C:\ComboFix.txt
HELP: A guide and tutorial on using ComboFix
* the partition letter may vary
++++++++++++++++++****************
* Run a Kaspersky online scan
http://www.kaspersky.com/kos/eng/partner/default/kavweb...
* Click Accept
* A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX.
* Click "Accept" once more
* The update databases will install; wait a moment
* Click Next.
* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop, then copy and paste the report into your next reply
http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291...
ComboFix 10-11-30.02 - André 2010-11-30 19:13:41.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1014.457 [GMT -5:00]
Lancé depuis: c:\documents and settings\Andre\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Andre\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
"c:\windows\system32\drivers\qweoyvaz.sys"
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-11-01 au 2010-12-01 ))))))))))))))))))))))))))))))))))))
.
2010-11-30 12:31 . 2010-11-30 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-30 00:00 . 2010-11-30 00:00 -------- d-----w- c:\program files\Unlocker
2010-11-27 02:22 . 2007-11-06 18:22 36224 ----a-w- c:\windows\system32\drivers\ArcCD.sys
2010-11-27 02:22 . 2007-04-25 13:55 134912 ----a-w- c:\windows\system32\drivers\ArcUdfs.sys
2010-11-27 02:22 . 2007-04-24 16:33 7680 ----a-w- c:\windows\system32\drivers\ArcRec.sys
2010-11-27 02:22 . 2005-02-23 19:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-11-27 02:21 . 2009-08-13 16:45 91264 ----a-w- c:\windows\system32\drivers\ArcHlp.sys
2010-11-27 02:21 . 2008-08-08 21:31 61440 ----a-w- c:\windows\system32\MMCEDT.exe
2010-11-27 02:20 . 2010-11-27 02:23 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\ArcSoft
2010-11-27 02:20 . 2010-11-28 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-11-27 02:20 . 2010-11-27 02:20 -------- d-----w- c:\program files\ArcSoft
2010-11-27 02:20 . 2007-04-19 14:39 256768 ----a-w- c:\windows\system32\MSLURT.dll
2010-11-27 02:20 . 2007-04-19 14:39 400128 ----a-w- c:\windows\system32\MSLUP60.dll
2010-11-26 13:39 . 2010-11-26 13:39 -------- d-----w- c:\program files\Velvetmatter
2010-11-23 00:29 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Andre\Application Data\Process Hacker 2
2010-11-21 20:06 . 2010-11-21 20:06 -------- d-----w- c:\program files\Noel Danjou
2010-11-21 20:04 . 2006-05-24 04:48 24576 ----a-w- c:\windows\system32\StkAUSD.dll
2010-11-21 20:04 . 2002-12-05 19:12 692224 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-11-21 20:04 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-11-21 20:04 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-11-21 20:04 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-11-21 20:04 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-11-21 20:04 . 2010-11-21 20:04 282756 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-11-21 20:04 . 2010-11-21 20:04 163972 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\DIFX
2010-11-21 19:49 . 2010-11-21 19:49 -------- d-----w- c:\program files\USB_video_device
2010-11-21 19:02 . 2010-11-21 19:02 -------- d-----w- c:\documents and settings\Andre\Local Settings\Application Data\VHS to DVD
2010-11-21 18:52 . 2010-11-21 18:53 -------- d-----w- c:\documents and settings\Andre\Application Data\Ulead Systems
2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\program files\Fichiers communs\InterVideo
2010-11-21 18:51 . 2010-11-21 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-11-21 18:51 . 2007-03-06 16:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-11-21 18:51 . 2007-03-06 16:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-11-21 18:51 . 2007-03-06 16:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-11-21 18:51 . 2007-03-06 16:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-11-21 18:51 . 2007-03-06 16:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
2010-11-21 18:51 . 2000-01-04 11:39 212992 ----a-w- c:\program files\Fichiers communs\InstallShield\Engine\6\Intel 32\ILog.dll
2010-11-21 18:48 . 2010-11-21 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-11-21 18:48 . 2010-11-21 18:50 -------- d-----w- c:\program files\Fichiers communs\Ulead Systems
2010-11-21 18:48 . 2010-11-21 18:48 -------- d-----w- c:\program files\Ulead Systems
2010-11-21 18:17 . 2010-11-21 18:17 -------- d-----w- c:\program files\honestech VHS to DVD 2.0 SE
2010-11-21 18:16 . 2010-11-21 18:16 -------- d-----w- c:\program files\honestech
2010-11-21 18:15 . 2010-04-16 18:59 236168 ----a-w- c:\windows\system32\StkCProp.ax
2010-11-21 18:15 . 2010-03-30 01:35 84616 ----a-w- c:\windows\StkUnist.exe
2010-11-21 18:15 . 2010-03-27 01:24 55944 ----a-w- c:\windows\system32\StkSSrv.dll
2010-11-21 18:15 . 2010-03-27 01:24 76424 ----a-w- c:\windows\system32\StkCWIA.dll
2010-11-21 18:15 . 2010-03-27 01:23 31368 ----a-w- c:\windows\system32\StkCSrv.exe
2010-11-21 18:15 . 2010-03-27 01:23 113288 ----a-w- c:\windows\StkC112X.exe
2010-11-21 18:15 . 2009-06-11 20:15 347152 ----a-w- c:\windows\VideoView.exe
2010-11-21 18:15 . 2010-05-28 22:43 25608 ----a-w- c:\windows\system32\drivers\StkCSam.sys
2010-11-21 18:15 . 2009-05-03 20:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-11-21 18:15 . 2010-06-07 21:02 1579144 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-11-21 18:15 . 2010-03-26 20:43 13874824 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 01:24 . 2010-10-29 01:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 01:24 . 2010-10-29 01:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 22:48 . 2010-10-21 22:48 1294336 ----a-w- c:\windows\system32\SET115.tmp
2010-10-19 20:51 . 2010-07-20 18:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 16:23 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-19 21:09 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2002-08-30 12:00 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2002-08-30 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2004-08-19 21:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2004-08-19 21:10 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:50 . 2004-08-19 21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-07 15:12 . 2010-10-09 16:01 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-01-25 22:05 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-01-25 22:05 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-04-15 23:20 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-01-25 22:05 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-01-25 22:05 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2008-01-25 22:05 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2008-04-15 23:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2008-01-25 22:05 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-30_23.23.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-30 23:51 . 2010-11-30 23:51 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHP1.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
c:\program files\PHPNukeFR\tbPHP1.dll [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHP1.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [BU]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-27 274224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-12 185872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
TotalMedia BackUp & Recorder Monitor.lnk - c:\program files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe [2010-11-26 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 23:45 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Andre^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
c:\program files\DAEMON Tools Lite\daemon.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2010-03-20 17:19 160328 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-08-19 14:15 1217784 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-11-27 02:02 274224 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmDedicatedServer\\TrackManiaServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Components\\Encoder\\wmenc.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\SquawkBox\\squawkbox_fs.exe"=
"c:\\Program Files\\FSFDT\\FWInn\\FWINN.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"56838:TCP"= 56838:TCP:Pando Media Booster
"56838:UDP"= 56838:UDP:Pando Media Booster
"47624:TCP"= 47624:TCP:Yay
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-04-26 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-08-16 691696]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2010-11-26 91264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-04-15 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-15 17744]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-04-26 198608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-04-26 365280]
R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2010-11-26 36224]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S0 xdrmkdii;xdrmkdii;c:\windows\system32\drivers\qweoyvaz.sys --> c:\windows\system32\drivers\qweoyvaz.sys [?]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" --> c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-14 34448]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [2010-11-21 1579144]
S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2010-11-26 134912]
S4 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - EKRN
*Deregistered* - ArcRec
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]
2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 16:02]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.bigseekpro.com/hypercam/{4328C0FE-3F76-4D6A-98FD-C805966A5C42}
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Andre\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://gogo.hangame.com/common/HanSetup1010.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: IDM FlashPlugin: flashplugin@idm - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\flashplugin@idm
FF - Extension: Foxdie: Foxdie@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\Foxdie@tanjihay.com
FF - Extension: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\FoxdieGraphite@tanjihay.com
FF - Extension: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\foxdie_ext_ocelot@foxdie.us
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Extension: RefControl: {455D905A-D37C-4643-A9E2-F6FEFAA0424A} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
FF - Extension: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Extension: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Extension: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: JSView: {cf15270e-cf08-4def-b4ea-6a5ac23f3bca} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: FoxReplace: fox@replace.fx - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\fox@replace.fx
FF - Extension: Noia 2.0 eXtreme OPT: noia2_option@kk.noia - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\noia2_option@kk.noia
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Andre\Application Data\Mozilla\Firefox\Profiles\kzakl3kh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
---- PARAMETRES FIREFOX ----
pref(dom.disable_open_during_load, true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 19:22
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
"hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
67,67,00,22
"iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1900)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1956)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Heure de fin: 2010-11-30 19:26:01
ComboFix-quarantined-files.txt 2010-12-01 00:25
ComboFix2.txt 2010-11-30 23:28
ComboFix3.txt 2010-11-30 00:46
Avant-CF: 13 419 544 576 octets libres
Après-CF: 13 405 016 064 octets libres
- - End Of File - - BF37502B8587649B555D51E490B98802
For the other one I still get this error:
Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.
Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]
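The locked-key section of the ComboFix report above stores the suspicious registry values as REG_BINARY hex, wrapped across lines the way ComboFix prints them. Added example (not code from the thread or from any of the tools named in it): a small Python parser that reads that section, joins the wrapped hex lines, decodes the bytes to show the ASCII hidden in them, and flags value names that look randomly generated. The sample input is the section exactly as posted above; the random-name heuristic is this example's own assumption, not something ComboFix does.

```python
import re
from typing import Dict, List, Tuple

# Locked-key section copied from the ComboFix report posted above
# (sample input for this example; the wrapped second hex line is kept
# exactly as ComboFix printed it).
SAMPLE_SECTION = r"""--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3193426433-2467464653-2156346605-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C038FD21-7045-A7F2-9DBB-E4312ED84029}*]
"hapbfpdpjgnibnho"=hex:6a,61,6a,6a,69,6a,63,69,6f,69,6c,6b,69,63,67,68,62,64,
67,67,00,22
"iafldilakpibmgnmgn"=hex:63,61,6c,67,6a,69,00,7c
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')


def parse_locked_keys(text: str) -> Dict[str, Dict[str, bytes]]:
    """Return {key_path: {value_name: raw_bytes}} for every hex value
    listed under a locked key.  A hex line ending in a comma continues
    on the next line, which is how ComboFix wraps long values."""
    result: Dict[str, Dict[str, bytes]] = {}
    current_key = None
    pending_name = None
    pending_hex: List[str] = []

    def flush():
        nonlocal pending_name, pending_hex
        if current_key is not None and pending_name is not None:
            raw = bytes(int(h, 16) for h in pending_hex if h)
            result.setdefault(current_key, {})[pending_name] = raw
        pending_name, pending_hex = None, []

    for line in text.splitlines():
        line = line.strip()
        if pending_name is not None:
            # Continuation of a wrapped hex value.
            pending_hex.extend(line.rstrip(",").split(","))
            if not line.endswith(","):
                flush()
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            pending_name = m.group(1)
            hexpart = m.group(2)
            pending_hex = hexpart.rstrip(",").split(",")
            if not hexpart.endswith(","):
                flush()
    flush()
    return result


def printable_prefix(raw: bytes) -> str:
    """ASCII text up to the first NUL; other non-printable bytes become '.'."""
    head = raw.split(b"\x00", 1)[0]
    return "".join(chr(b) if 32 <= b < 127 else "." for b in head)


def looks_random(name: str, min_len: int = 12) -> bool:
    """Heuristic (an assumption of this example): a long, all-lowercase,
    letters-only value name with no separators is a typical sign of a
    machine-generated name rather than a legitimate shell extension entry."""
    return len(name) >= min_len and name.isalpha() and name.islower()


def summarize(text: str) -> List[Tuple[str, str, str, bool]]:
    """One row per value: (key path, value name, decoded text, flagged?)."""
    rows = []
    for key, values in parse_locked_keys(text).items():
        for name, raw in values.items():
            rows.append((key, name, printable_prefix(raw), looks_random(name)))
    return rows


if __name__ == "__main__":
    for key, name, text, flagged in summarize(SAMPLE_SECTION):
        print(f"{'SUSPECT' if flagged else 'ok     '} {name!r} -> {text!r}")
        print(f"         under {key}")
```

Both values decode to short runs of lowercase letters followed by a NUL, and both value names trip the random-name check, which is the kind of thing a helper looks for before deciding a locked key under Shell Extensions\Approved is worth removing rather than a legitimate entry.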
Good evening
Let's switch.
Run an online scan and post the report:
ESET Online Scanner tutorial:
http://www.bibou0007.com/scans-en-ligne-f75/tutorial-es...
C:\Documents and Settings\Andre\Menu Démarrer\eBay.lnk Win32/Adware.ADON application nettoyé par suppression - mis en quarantaine
C:\Documents and Settings\Andre\Mes documents\Downloads\Unlocker-1.9.0.exe Win32/Adware.ADON application supprimé - mis en quarantaine
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP1\A0000026.lnk Win32/Adware.ADON application nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP4\A0003869.lnk Win32/Adware.ADON application nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{2145BA2F-3422-4F65-B755-040E6DE1893B}\RP4\A0003870.lnk Win32/Adware.ADON application nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080633.exe une variante probable de Win32/Agent.LBAGULZ cheval de troie nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080634.exe une variante probable de Win32/Agent.GSJCINI cheval de troie nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080637.ini Win32/Adware.Virtumonde.NEO application nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080638.ini Win32/Adware.Virtumonde.NEO application nettoyé par suppression - mis en quarantaine
C:\System Volume Information\_restore{81B163D5-8327-4267-B15D-C3450A502F9A}\RP117\A0080639.exe une variante de Win32/HotSpotShield application nettoyé par suppression - mis en quarantaine
Hi again
Let's try another way.
Download: http://swandog46.geekstogo.com/avenger2/download.php
http://swandog46.geekstogo.com/avenger2/avenger.zip
• Unzip it and launch it; on Vista, run it as administrator.
In the frame, under Input Script here, copy and paste the contents of the box below and click Execute:
Drivers to delete:
xdrmkdii
Files to delete:
c:\windows\system32\drivers\qweoyvaz.sys
* After the reboot, it creates a log file that will open, which you will post in your next reply, showing the actions The Avenger performed. This log file is located here: C:\avenger.txt
* The Avenger will also have backed up all the files, etc., that you asked it to delete, zipped them and moved the password-protected zip archive here: C:\avenger\backup.zip
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "xdrmkdii" deleted successfully.
Error: file "c:\windows\system32\drivers\qweoyvaz.sys" not found!
Deletion of file "c:\windows\system32\drivers\qweoyvaz.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Hi again
It's time to have your hardware components checked in this section of the forum:
Hardware section
Keep me posted