[Solved] SOS: virus blocking the antivirus programs
Last reply: in Security
Hello,
My PC is well and truly infected... Antivirus programs inactive, I've tried all the online scans, they all crash! Can someone help me save it, please?
I downloaded RSIT... Here are the reports:
Logfile of random's system information tool 1.09 (written by random/random)
Run by LAM at 2011-08-29 22:27:16
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 1279 MB (50% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc5cf3544e4248.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc5cf3545ef2be.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\Reimage Reminder.job
C:\WINDOWS\tasks\Scan hebdo 12h30.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "mivolo.com"
prefs.js - "extensions.enabledItems" - "toolbar@ask.com:3.12.2.100006, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.6.0.10, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {B10A7CD3-C859-4bab-8866-859F1DB8E616}:2.0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppdf32.FRA
C:\Program Files\Mozilla Firefox\searchplugins\
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml
C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{B10A7CD3-C859-4bab-8866-859F1DB8E616}
C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{228B2BEC-3E3C-42de-8D00-84C56594DFA2}]
bestHelper Class - C:\Documents and Settings\lam\Local Settings\Application Data\BestPlay\bestplie.dll [2010-12-15 129024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-12-15 240680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"TLogonPath"=C:\Program Files\Timbuktu Pro\minitb2.exe [2003-07-09 65536]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"wxpdrv"= []
"9814543.exe"=C:\WINDOWS\TEMP\9814543.exe [2011-08-24 636416]
"systemup"=C:\WINDOWS\systemup.exe [2011-08-29 130560]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"rjqfrevs"=C:\DOCUME~1\lam\LOCALS~1\Temp\evqceuyly\egmcvsuaffm.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JavaInstallRetry"=RUNONCE=1 SPONSORS=0 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1183745.exe]
C:\WINDOWS\TEMP\1183745.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1516971.exe]
C:\WINDOWS\TEMP\1516971.exe [2011-08-21 634880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1968484.exe]
C:\DOCUME~1\lam\LOCALS~1\Temp\1968484.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2392719.exe]
C:\DOCUME~1\lam\LOCALS~1\Temp\2392719.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5481841.exe]
C:\WINDOWS\TEMP\5481841.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\66385224-loader2.exe]
C:\WINDOWS\TEMP\66385224-loader2.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JP595IR86O]
C:\DOCUME~1\lam\LOCALS~1\Temp\Mvl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l1rezerv.exe]
C:\WINDOWS\l1rezerv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\WINDOWS\sysdriver32.exe [2011-08-19 263680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\WINDOWS\sysdriver32_.exe [2011-08-19 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [2003-06-04 294912]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll [2003-07-09 81973]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\Flash-Player.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\Flash-Player.exe:*:Enabled:C:\Documents and Settings\lam\Mes documents\Téléchargements\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe"="C:\Program Files\Microsoft Security Client\msseces.exe:*:Enabled:Microsoft Security Client User Interface"
"C:\Program Files\Fichiers communs\Microsoft Shared\DW\DW20.EXE"="C:\Program Files\Fichiers communs\Microsoft Shared\DW\DW20.EXE:*:Enabled:Microsoft Application Error Reporting"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\esetsmartinstaller_enu.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\esetsmartinstaller_enu.exe:*:Enabled:ESET Smart Installer"
"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"="C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe:*:Enabled:OnlineCmdLineScanner"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\lam\Local Settings\Temp\fsonlinescanner.exe"="C:\Documents and Settings\lam\Local Settings\Temp\fsonlinescanner.exe:*:Enabled:F-Secure Online Scanner"
"C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\health_check_gui.exe"="C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\health_check_gui.exe:*:Enabled:osf_gui Application"
"C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\osf_download.exe"="C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\osf_download.exe:*:Enabled:osf_download"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\jre-6u27-windows-i586-s.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\jre-6u27-windows-i586-s.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\RSIT.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\RSIT.exe:*:Enabled:RSIT"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=Ir32_32.dll
"vidc.iv32"=Ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=Ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"vidc.ffds"=ff_vfw.dll
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.iv40"=ir41_32.ax
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
======List of files/folders created in the last 1 month======
2011-08-29 22:27:17 ----D---- C:\Program Files\trend micro
2011-08-29 22:27:16 ----D---- C:\rsit
2011-08-29 22:13:07 ----D---- C:\Documents and Settings\All Users\Application Data\boost_interprocess
2011-08-29 22:10:07 ----D---- C:\Documents and Settings\lam\Application Data\f-secure
2011-08-29 22:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2011-08-29 21:58:56 ----D---- C:\Program Files\ESET
2011-08-29 21:43:49 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-29 21:38:18 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-08-29 21:33:17 ----D---- C:\WINDOWS\LastGood
2011-08-29 21:32:59 ----D---- C:\Program Files\Microsoft Security Client
2011-08-29 20:54:19 ----N---- C:\WINDOWS\PAVSHRB.INI
2011-08-29 20:53:27 ----HD---- C:\WINDOWS\update.8.1
2011-08-29 20:53:22 ----D---- C:\Program Files\Fichiers communs\Panda Security
2011-08-24 18:23:07 ----A---- C:\WINDOWS\reimage.ini
2011-08-24 18:22:41 ----D---- C:\rei
2011-08-24 18:22:35 ----D---- C:\Program Files\Reimage
2011-08-24 17:09:56 ----A---- C:\WINDOWS\systemup.exe
2011-08-23 12:13:01 ----D---- C:\WINDOWS\pss
2011-08-22 08:56:39 ----D---- C:\Documents and Settings\lam\Application Data\Skype
2011-08-21 22:28:24 ----D---- C:\Program Files\NetDrive
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfwdres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfstrres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfshres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfshext.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\RFNP32.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfhres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\RFHelper.dll
2011-08-21 20:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-08-19 17:06:01 ----HD---- C:\WINDOWS\update.7.1
2011-08-19 16:53:08 ----D---- C:\WINDOWS\ufa
2011-08-19 16:53:08 ----D---- C:\WINDOWS\rpcminer
2011-08-19 16:53:08 ----D---- C:\WINDOWS\phoenix
2011-08-19 16:51:04 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-19 16:50:31 ----HD---- C:\WINDOWS\update.5.0
2011-08-19 16:50:01 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-19 16:48:50 ----HD---- C:\WINDOWS\update.2
2011-08-19 16:43:01 ----A---- C:\WINDOWS\unrar.exe
2011-08-19 16:38:42 ----A---- C:\WINDOWS\iplist.txt
2011-08-19 16:38:12 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-19 16:37:56 ----A---- C:\WINDOWS\sysdriver32.exe
2011-08-19 16:37:28 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-19 16:37:02 ----HD---- C:\WINDOWS\update.1
======List of files/folders modified in the last 1 month======
2011-08-29 22:27:17 ----D---- C:\Program Files
2011-08-29 21:44:41 ----D---- C:\WINDOWS\Temp
2011-08-29 21:43:53 ----D---- C:\WINDOWS\Debug
2011-08-29 21:43:49 ----D---- C:\WINDOWS\system32
2011-08-29 21:38:42 ----SD---- C:\WINDOWS\Tasks
2011-08-29 21:33:50 ----D---- C:\WINDOWS
2011-08-29 21:33:38 ----SHD---- C:\WINDOWS\Installer
2011-08-29 21:33:17 ----HD---- C:\WINDOWS\inf
2011-08-29 21:33:17 ----D---- C:\WINDOWS\system32\drivers
2011-08-29 21:27:54 ----D---- C:\WINDOWS\Prefetch
2011-08-29 21:23:45 ----D---- C:\Program Files\Mozilla Firefox
2011-08-29 21:13:26 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-29 20:53:22 ----D---- C:\Program Files\Fichiers communs
2011-08-29 20:51:43 ----SHD---- C:\System Volume Information
2011-08-29 20:51:43 ----D---- C:\WINDOWS\system32\Restore
2011-08-29 20:35:02 ----SHD---- C:\WINDOWS\CSC
2011-08-24 19:10:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-24 12:55:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-22 09:07:48 ----D---- C:\Program Files\Adobe
2011-08-22 00:03:56 ----D---- C:\Documents and Settings\lam\Application Data\Usenet.nl
2011-08-21 22:37:55 ----D---- C:\Program Files\Fichiers communs\InstallShield
2011-08-21 21:33:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-08-20 14:50:13 ----D---- C:\Program Files\Services en ligne
2011-08-19 16:58:04 ----RSD---- C:\WINDOWS\assembly
2011-08-17 17:46:54 ----D---- C:\Program Files\Usenet.nl
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2006-02-26 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2006-02-26 89856]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver; C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 16640]
R0 ohci1394;Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface); C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslc3eb3806;MpKslc3eb3806; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{758D41A4-E2C9-4839-A26B-878D551648F9}\MpKslc3eb3806.sys []
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-04-30 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-05-06 38528]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys []
R1 Tb2Device;TB2 Remote Control Driver; C:\WINDOWS\NetopiaRC\Tb2Device.sys [2003-05-12 7257]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver; C:\WINDOWS\NetopiaRC\Tb2MirrorSys.sys [2003-05-12 15455]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-08-13 822272]
R3 cpuz134;cpuz134; \??\C:\DOCUME~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2006-02-26 53376]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2006-02-26 414464]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120]
S0 rdvkodmj;rdvkodmj; C:\WINDOWS\system32\drivers\rdvkodmj.sys []
S3 b87fe6ab;b87fe6ab; C:\WINDOWS\2884009912:1199577428.exe []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2009-05-06 14976]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ddservice;ddservice; C:\WINDOWS\update.7.1\svchostdriver.exe [2011-08-19 386560]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe []
R2 SAVAdminService;Créateur de rapports d'état Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-12-15 80936]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [2009-04-30 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2010-12-15 172032]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [2009-04-30 794624]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-21 359936]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-08-24 640512]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-08-19 263680]
R2 Tb2Launch;Tb2 Launch; C:\Program Files\Timbuktu Pro\tb2launch.exe [2003-07-09 208967]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 110592]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 130048]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
S2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2009-04-30 98304]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Service Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 130048]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 82432]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2011-08-29 22:27:55
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A94000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
BestPlay-->C:\Documents and Settings\lam\Local Settings\Application Data\BestPlay\Uninstall.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citrix Program Neighborhood-->C:\WINDOWS\ISUN040C.EXE -fC:\PROGRA~1\Citrix\CLIENT~1\Uninst.isu -cC:\PROGRA~1\Citrix\CLIENT~1\uninstpn.dll
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Free HD Converter V 1.4-->"C:\Program Files\Free HD Converter\unins000.exe"
Free Video Converter V 2.3-->"C:\Program Files\Free Video Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.215\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hollywood Poker Tournament Director's Poker Clock-->C:\Program Files\Hollywood Poker Tournament Director's Poker Clock\Hollywood Poker Tournament Director's Poker Clock.exe /UNINSTALL "C:\WINDOWS\system32\Hollywood Poker Tournament Director's Poker Clock.log"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}
Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Security Client FR-FR Language Pack-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}
Microsoft Security Client-->MsiExec.exe /I{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox 6.0 (x86 fr)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NetDrive-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Reimage Repair-->C:\Program Files\Reimage\Reimage Repair\uninst.exe
Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Sophos Remote Management System-->MsiExec.exe /X{FF11005D-CBC8-45D5-A288-25C7BB304121}
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Timbuktu Pro-->"C:\WINDOWS\TB2\dinstall.exe"
Usenet.nl-->"C:\Program Files\Usenet.nl\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
XnView 1.74-->"C:\Program Files\XnView\unins000.exe"
======Hosts File======
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
======Security center information======
AV: Sophos Anti-Virus (disabled) (outdated)
AV: Microsoft Security Essentials
======System event log======
Computer Name: MEHQ
Event Code: 5719
Message: Aucun contrôleur de domaine n'est disponible pour le domaine CHU pour la raison suivante :
Aucun serveur d'accès n'est actuellement disponible pour traiter la demande d'ouverture de session.
.
Vérifiez que l'ordinateur est connecté au réseau et tentez
une nouvelle fois. Si le problème persiste, contactez votre administrateur système.
Record Number: 49415
Source Name: NETLOGON
Time Written: 20110820114149.000000+120
Event Type: erreur
User:
Computer Name: MEHQ
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 49414
Source Name: EventLog
Time Written: 20110820114129.000000+120
Event Type: Informations
User:
Computer Name: MEHQ
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 49413
Source Name: EventLog
Time Written: 20110820114129.000000+120
Event Type: Informations
User:
Computer Name: MEHQ
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 49412
Source Name: EventLog
Time Written: 20110820112800.000000+120
Event Type: Informations
User:
Computer Name: MEHQ
Event Code: 7036
Message: Le service Tb2 Launch est entré dans l'état : arrêté.
Record Number: 49411
Source Name: Service Control Manager
Time Written: 20110820112756.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403:91c:fa40:c4a7.%3
Record Number: 68030
Source Name: Sophos Message Router
Time Written: 20110108224630.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403:91c:fa40:c4a7.%3
Record Number: 68029
Source Name: Sophos Message Router
Time Written: 20110108224039.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403:91c:fa40:c4a7.%3
Record Number: 68028
Source Name: Sophos Message Router
Time Written: 20110108223448.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403:91c:fa40:c4a7.%3
Record Number: 68027
Source Name: Sophos Message Router
Time Written: 20110108222857.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403
91c:fa40:c4a7.%3
Record Number: 68026
Source Name: Sophos Message Router
Time Written: 20110108222306.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
mon PC est vérolé bien comme il faut... Antivirus inactifs, j'ai essayé tous les scans en ligne, ils plantent tous! Quelqu'un peut il m'aider à le sauver svp?
J'ai téléchargé RSIT... Voici les rapports:
Logfile of random's system information tool 1.09 (written by random/random)
Run by LAM at 2011-08-29 22:27:16
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 1279 MB (50% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc5cf3544e4248.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc5cf3545ef2be.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\Reimage Reminder.job
C:\WINDOWS\tasks\Scan hebdo 12h30.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "mivolo.com"
prefs.js - "extensions.enabledItems" - "toolbar@ask.com:3.12.2.100006, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.6.0.10, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {B10A7CD3-C859-4bab-8866-859F1DB8E616}:2.0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
nppdf32.FRA
C:\Program Files\Mozilla Firefox\searchplugins\
amazon-france.xml
bing.xml
cnrtl-tlfi-fr.xml
eBay-france.xml
google.xml
wikipedia-fr.xml
yahoo-france.xml
C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{B10A7CD3-C859-4bab-8866-859F1DB8E616}
C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{228B2BEC-3E3C-42de-8D00-84C56594DFA2}]
bestHelper Class - C:\Documents and Settings\lam\Local Settings\Application Data\BestPlay\bestplie.dll [2010-12-15 129024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-12-15 240680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"TLogonPath"=C:\Program Files\Timbuktu Pro\minitb2.exe [2003-07-09 65536]
"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"wxpdrv"= []
"9814543.exe"=C:\WINDOWS\TEMP\9814543.exe [2011-08-24 636416]
"systemup"=C:\WINDOWS\systemup.exe [2011-08-29 130560]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"rjqfrevs"=C:\DOCUME~1\lam\LOCALS~1\Temp\evqceuyly\egmcvsuaffm.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JavaInstallRetry"=RUNONCE=1 SPONSORS=0 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1183745.exe]
C:\WINDOWS\TEMP\1183745.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1516971.exe]
C:\WINDOWS\TEMP\1516971.exe [2011-08-21 634880]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1968484.exe]
C:\DOCUME~1\lam\LOCALS~1\Temp\1968484.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2392719.exe]
C:\DOCUME~1\lam\LOCALS~1\Temp\2392719.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5481841.exe]
C:\WINDOWS\TEMP\5481841.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\66385224-loader2.exe]
C:\WINDOWS\TEMP\66385224-loader2.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JP595IR86O]
C:\DOCUME~1\lam\LOCALS~1\Temp\Mvl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l1rezerv.exe]
C:\WINDOWS\l1rezerv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\WINDOWS\sysdriver32.exe [2011-08-19 263680]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\WINDOWS\sysdriver32_.exe [2011-08-19 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [2003-06-04 294912]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll [2003-07-09 81973]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\Flash-Player.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\Flash-Player.exe:*:Enabled:C:\Documents and Settings\lam\Mes documents\Téléchargements\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe"="C:\Program Files\Microsoft Security Client\msseces.exe:*:Enabled:Microsoft Security Client User Interface"
"C:\Program Files\Fichiers communs\Microsoft Shared\DW\DW20.EXE"="C:\Program Files\Fichiers communs\Microsoft Shared\DW\DW20.EXE:*:Enabled:Microsoft Application Error Reporting"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\esetsmartinstaller_enu.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\esetsmartinstaller_enu.exe:*:Enabled:ESET Smart Installer"
"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"="C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe:*:Enabled
nlineCmdLineScanner""C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\lam\Local Settings\Temp\fsonlinescanner.exe"="C:\Documents and Settings\lam\Local Settings\Temp\fsonlinescanner.exe:*:Enabled:F-Secure Online Scanner"
"C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\health_check_gui.exe"="C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\health_check_gui.exe:*:Enabled
sf_gui Application""C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\osf_download.exe"="C:\Documents and Settings\lam\Local Settings\Temp\4d7de767-101b-4ad8-8dd2-5e7e4225cc5f\osf_download.exe:*:Enabled
sf_download""C:\Documents and Settings\lam\Mes documents\Téléchargements\jre-6u27-windows-i586-s.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\jre-6u27-windows-i586-s.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\lam\Mes documents\Téléchargements\RSIT.exe"="C:\Documents and Settings\lam\Mes documents\Téléchargements\RSIT.exe:*:Enabled:RSIT"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=Ir32_32.dll
"vidc.iv32"=Ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=Ir50_32.dll
"msacm.l3acm"=l3codecp.acm
"vidc.ffds"=ff_vfw.dll
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.iv40"=ir41_32.ax
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
======List of files/folders created in the last 1 month======
2011-08-29 22:27:17 ----D---- C:\Program Files\trend micro
2011-08-29 22:27:16 ----D---- C:\rsit
2011-08-29 22:13:07 ----D---- C:\Documents and Settings\All Users\Application Data\boost_interprocess
2011-08-29 22:10:07 ----D---- C:\Documents and Settings\lam\Application Data\f-secure
2011-08-29 22:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2011-08-29 21:58:56 ----D---- C:\Program Files\ESET
2011-08-29 21:43:49 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-29 21:38:18 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2011-08-29 21:33:17 ----D---- C:\WINDOWS\LastGood
2011-08-29 21:32:59 ----D---- C:\Program Files\Microsoft Security Client
2011-08-29 20:54:19 ----N---- C:\WINDOWS\PAVSHRB.INI
2011-08-29 20:53:27 ----HD---- C:\WINDOWS\update.8.1
2011-08-29 20:53:22 ----D---- C:\Program Files\Fichiers communs\Panda Security
2011-08-24 18:23:07 ----A---- C:\WINDOWS\reimage.ini
2011-08-24 18:22:41 ----D---- C:\rei
2011-08-24 18:22:35 ----D---- C:\Program Files\Reimage
2011-08-24 17:09:56 ----A---- C:\WINDOWS\systemup.exe
2011-08-23 12:13:01 ----D---- C:\WINDOWS\pss
2011-08-22 08:56:39 ----D---- C:\Documents and Settings\lam\Application Data\Skype
2011-08-21 22:28:24 ----D---- C:\Program Files\NetDrive
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfwdres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfstrres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfshres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfshext.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\RFNP32.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\rfhres.dll
2011-08-21 22:28:24 ----A---- C:\WINDOWS\system32\RFHelper.dll
2011-08-21 20:59:25 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-08-19 17:06:01 ----HD---- C:\WINDOWS\update.7.1
2011-08-19 16:53:08 ----D---- C:\WINDOWS\ufa
2011-08-19 16:53:08 ----D---- C:\WINDOWS\rpcminer
2011-08-19 16:53:08 ----D---- C:\WINDOWS\phoenix
2011-08-19 16:51:04 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-19 16:50:31 ----HD---- C:\WINDOWS\update.5.0
2011-08-19 16:50:01 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-19 16:48:50 ----HD---- C:\WINDOWS\update.2
2011-08-19 16:43:01 ----A---- C:\WINDOWS\unrar.exe
2011-08-19 16:38:42 ----A---- C:\WINDOWS\iplist.txt
2011-08-19 16:38:12 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-19 16:37:56 ----A---- C:\WINDOWS\sysdriver32.exe
2011-08-19 16:37:28 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-19 16:37:02 ----HD---- C:\WINDOWS\update.1
======List of files/folders modified in the last 1 month======
2011-08-29 22:27:17 ----D---- C:\Program Files
2011-08-29 21:44:41 ----D---- C:\WINDOWS\Temp
2011-08-29 21:43:53 ----D---- C:\WINDOWS\Debug
2011-08-29 21:43:49 ----D---- C:\WINDOWS\system32
2011-08-29 21:38:42 ----SD---- C:\WINDOWS\Tasks
2011-08-29 21:33:50 ----D---- C:\WINDOWS
2011-08-29 21:33:38 ----SHD---- C:\WINDOWS\Installer
2011-08-29 21:33:17 ----HD---- C:\WINDOWS\inf
2011-08-29 21:33:17 ----D---- C:\WINDOWS\system32\drivers
2011-08-29 21:27:54 ----D---- C:\WINDOWS\Prefetch
2011-08-29 21:23:45 ----D---- C:\Program Files\Mozilla Firefox
2011-08-29 21:13:26 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-29 20:53:22 ----D---- C:\Program Files\Fichiers communs
2011-08-29 20:51:43 ----SHD---- C:\System Volume Information
2011-08-29 20:51:43 ----D---- C:\WINDOWS\system32\Restore
2011-08-29 20:35:02 ----SHD---- C:\WINDOWS\CSC
2011-08-24 19:10:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-24 12:55:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-22 09:07:48 ----D---- C:\Program Files\Adobe
2011-08-22 00:03:56 ----D---- C:\Documents and Settings\lam\Application Data\Usenet.nl
2011-08-21 22:37:55 ----D---- C:\Program Files\Fichiers communs\InstallShield
2011-08-21 21:33:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-08-20 14:50:13 ----D---- C:\Program Files\Services en ligne
2011-08-19 16:58:04 ----RSD---- C:\WINDOWS\assembly
2011-08-17 17:46:54 ----D---- C:\Program Files\Usenet.nl
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2006-02-26 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2006-02-26 89856]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver; C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 16640]
R0 ohci1394;Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface); C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslc3eb3806;MpKslc3eb3806; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{758D41A4-E2C9-4839-A26B-878D551648F9}\MpKslc3eb3806.sys []
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-04-30 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-05-06 38528]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys []
R1 Tb2Device;TB2 Remote Control Driver; C:\WINDOWS\NetopiaRC\Tb2Device.sys [2003-05-12 7257]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver; C:\WINDOWS\NetopiaRC\Tb2MirrorSys.sys [2003-05-12 15455]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 WebDriveFSD;WebDrive File System Driver; \??\C:\Program Files\NetDrive\rffsd.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-08-13 822272]
R3 cpuz134;cpuz134; \??\C:\DOCUME~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2006-02-26 53376]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2006-02-26 414464]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-10-30 117120]
S0 rdvkodmj;rdvkodmj; C:\WINDOWS\system32\drivers\rdvkodmj.sys []
S3 b87fe6ab;b87fe6ab; C:\WINDOWS\2884009912:1199577428.exe []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 RFNP32;WebDrive Provider; C:\WINDOWS\system32\drivers\RFNP32.sys []
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2009-05-06 14976]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ddservice;ddservice; C:\WINDOWS\update.7.1\svchostdriver.exe [2011-08-19 386560]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe []
R2 SAVAdminService;Créateur de rapports d'état Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-12-15 80936]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [2009-04-30 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2010-12-15 172032]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [2009-04-30 794624]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-21 359936]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-08-24 640512]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-08-19 263680]
R2 Tb2Launch;Tb2 Launch; C:\Program Files\Timbuktu Pro\tb2launch.exe [2003-07-09 208967]
R2 WebDriveService;WebDrive Service; C:\Program Files\NetDrive\wdService.exe [2003-03-26 110592]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 130048]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
S2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2009-04-30 98304]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Service Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 130048]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 82432]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2011-08-29 22:27:55
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A94000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
BestPlay-->C:\Documents and Settings\lam\Local Settings\Application Data\BestPlay\Uninstall.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citrix Program Neighborhood-->C:\WINDOWS\ISUN040C.EXE -fC:\PROGRA~1\Citrix\CLIENT~1\Uninst.isu -cC:\PROGRA~1\Citrix\CLIENT~1\uninstpn.dll
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Free HD Converter V 1.4-->"C:\Program Files\Free HD Converter\unins000.exe"
Free Video Converter V 2.3-->"C:\Program Files\Free Video Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\13.0.782.215\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hollywood Poker Tournament Director's Poker Clock-->C:\Program Files\Hollywood Poker Tournament Director's Poker Clock\Hollywood Poker Tournament Director's Poker Clock.exe /UNINSTALL "C:\WINDOWS\system32\Hollywood Poker Tournament Director's Poker Clock.log"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}
Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Security Client FR-FR Language Pack-->MsiExec.exe /I{50779A29-834E-4E36-BBEB-B7CABC67A825}
Microsoft Security Client-->MsiExec.exe /I{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox 6.0 (x86 fr)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NetDrive-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NetDrive\Uninst.isu" -c"C:\Program Files\NetDrive\uninstall.dll"
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Reimage Repair-->C:\Program Files\Reimage\Reimage Repair\uninst.exe
Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Sophos Remote Management System-->MsiExec.exe /X{FF11005D-CBC8-45D5-A288-25C7BB304121}
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Timbuktu Pro-->"C:\WINDOWS\TB2\dinstall.exe"
Usenet.nl-->"C:\Program Files\Usenet.nl\unins000.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
XnView 1.74-->"C:\Program Files\XnView\unins000.exe"
======Hosts File======
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
======Security center information======
AV: Sophos Anti-Virus (disabled) (outdated)
AV: Microsoft Security Essentials
======System event log======
Computer Name: MEHQ
Event Code: 5719
Message: Aucun contrôleur de domaine n'est disponible pour le domaine CHU pour la raison suivante :
Aucun serveur d'accès n'est actuellement disponible pour traiter la demande d'ouverture de session.
.
Vérifiez que l'ordinateur est connecté au réseau et tentez
une nouvelle fois. Si le problème persiste, contactez votre administrateur système.
Record Number: 49415
Source Name: NETLOGON
Time Written: 20110820114149.000000+120
Event Type: erreur
User:
Computer Name: MEHQ
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 49414
Source Name: EventLog
Time Written: 20110820114129.000000+120
Event Type: Informations
User:
Computer Name: MEHQ
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 49413
Source Name: EventLog
Time Written: 20110820114129.000000+120
Event Type: Informations
User:
Computer Name: MEHQ
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 49412
Source Name: EventLog
Time Written: 20110820112800.000000+120
Event Type: Informations
User:
Computer Name: MEHQ
Event Code: 7036
Message: Le service Tb2 Launch est entré dans l'état : arrêté.
Record Number: 49411
Source Name: Service Control Manager
Time Written: 20110820112756.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403
91c:fa40:c4a7.%3Record Number: 68030
Source Name: Sophos Message Router
Time Written: 20110108224630.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403
91c:fa40:c4a7.%3
Record Number: 68029
Source Name: Sophos Message Router
Time Written: 20110108224039.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403
91c:fa40:c4a7.%3
Record Number: 68028
Source Name: Sophos Message Router
Time Written: 20110108223448.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403
91c:fa40:c4a7.%3
Record Number: 68027
Source Name: Sophos Message Router
Time Written: 20110108222857.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
Computer Name: MEHQ
Event Code: 8005
Message: Echec de la consultation des tables DNS lors de la tentative de résolution des adresses suivantes : SRV-SOPHOS,SRV-SOPHOS.chu-toulouse.fr,fe80::3403
91c:fa40:c4a7.%3
Record Number: 68026
Source Name: Sophos Message Router
Time Written: 20110108222306.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Hello,
ZeroAccess scan
Download ZeroAccessRemover (by Webroot) to your desktop.
Run it (Vista/7 users >> right-click it --> Run as administrator).
A black window opens and asks you to confirm the scan. Type Y and press Enter.
==> Two outcomes are possible:
The fix tells you that one of the system files has been patched and offers to clean it (red lines appear on screen). Type Y (yes) and then Enter to start the cleaning.
--> If the operation succeeded, you should see the message Cleaned in green.
Press any key and restart the computer.
The fix tells you that the system is not infected by ZeroAccess (green lines are displayed); in that case, let me know.
So, to show you the errors, I ran it again, and oddly I didn't get the same result:
ipsec.sys infected
rdvkodmj.sys error
Cleaning => "ZeroAccess has been removed from your system"
I restarted the PC and ran it once more: a new infected file...
Cleaning, and the same result!
Restarted and relaunched the tool:
Yet another new infected file, and still the same error on the same file...
I get the feeling that if I do this several more times, I'll get the same result...
And in fact, I've just done a little series... and each time a different .sys file is infected...
Another detail: if I relaunch Webroot ZeroAccess Remover without restarting:
Warning! Communication to webroot Driver failed! I will not be able to repair damaged files...
=> your system is not infected by ZeroAccess...
Later, I managed to run an ESET scan; here is the report:
C:\Program Files\Citrix\Client ICA\ssonsvr.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Google\Update\GoogleUpdate.exe Win32/Patched.HN cheval de troie nettoyé - mis en quarantaine
C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\NetDrive\wdService.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Sophos\Remote Management System\RouterNT.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Timbuktu Pro\tb2launch.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Timbuktu Pro\tb2pro.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
C:\Program Files\Timbuktu Pro\TNotify.exe Win32/Patched.HN cheval de troie erreur pendant le nettoyage
I was also able to run a scan with ReImage PC Repair Online:
2 Malicious files:
1- c:\programfiles\java\jre6\bin\jqs.exe virus
atchload.O aka Trojan.Win32.Ptched.mf aka Trojan.Paccyn!mf
2- c:\windows\sysdriver32.exe Trojan.Katusha.A!inf aka virus
atchload.O aka Trojan.Win32.patched.mf
So I ran another one, and it finds more:
the same 2
3- c:\windows\ufa\ufa.exe SPR/Tool.bitcoinminer.a aka HackerTool/BitCoinMiner aka Riskware.BitCoinMiner
4- c:\windows\temp\9814543.exe a variant of TrojanDownloader.Delf.QRH aka Suspicious.Cloud.5
5- c:\windows\systemup.exe probably unknown NewHeur_PE aka Suspicious.Cloud.5
There you go, I'm eagerly awaiting your advice!
We'll try ComboFix, but given the situation I think we'll have to resort to a live CD to eradicate the infection, which seems particularly stubborn...
For the disinfection to go smoothly:
Use your PC as little as possible during the procedure, to make the disinfection easier.
Follow the procedures given, but don't try anything on your own: if there is a problem during a procedure, tell me rather than clicking at random and causing a failure on your system.
If you are already following a procedure on another forum, please say so; it is important to follow only one disinfection at a time.
Even if the symptoms of the infection have disappeared, the PC is not necessarily clean: wait until you have been told the PC is disinfected before using it again.
Even though disinfections are done by people with in-depth knowledge of disinfection, it is always possible that your PC will crash. Be sure to back up your data.
TDSS Killer
Download it to your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller... , unzip it and run it; a report will be created here:
C:\TDSSKillerVersion_Date_Time_log.txt << copy and paste its contents
You also have the executable directly here: http://support.kaspersky.com/downloads/utils/tdsskiller...
o Run it; the following window will open:
o Click Start scan and let the tool scan your hard drive without interrupting it and without using the PC.
o If infected files are found, a new window will open:
o If TDSS.tdl2 is detected, the delete option will be checked by default.
o If TDSS.tdl3 is detected, make sure Cure is checked.
o If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure Cure is checked.
o If Rootkit.Win32.ZAccess is detected, make sure Cure is checked.
o If Suspicious file is indicated, set the delete option.
o Click Continue, then Reboot now to restart the PC.
o Copy and paste the generated report in your next reply (it is also saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS (JJ.MM.AA = date the tool was run, HH.MM.SS = time it was run)).
Tutorial --> http://support.kaspersky.com/viruses/solutions?qid=2082...
ComboFix scan
The tool we are going to use is very powerful. Be very careful to follow the recommendations to the letter. At the slightest problem, don't hesitate to post here.
Download ComboFix (by sUBs) to your desktop.
Run it. A window opens; accept the terms of the agreement. Then wait while it extracts.
A window opens. The program will create a restore point; wait while it does.
You will be asked to install the Recovery Console; confirm the operation.
The scan begins. The PC may restart. At the end, a report appears. Post it.
To help you:
ComboFix tutorial
So, TDSSKiller report:
2011/08/31 18:57:58.0546 1416 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/31 18:57:58.0703 1416 ================================================================================
2011/08/31 18:57:58.0703 1416 SystemInfo:
2011/08/31 18:57:58.0703 1416
2011/08/31 18:57:58.0703 1416 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/31 18:57:58.0703 1416 Product type: Workstation
2011/08/31 18:57:58.0703 1416 ComputerName: MEHQ
2011/08/31 18:57:58.0703 1416 UserName: LAM
2011/08/31 18:57:58.0703 1416 Windows directory: C:\WINDOWS
2011/08/31 18:57:58.0703 1416 System windows directory: C:\WINDOWS
2011/08/31 18:57:58.0703 1416 Processor architecture: Intel x86
2011/08/31 18:57:58.0703 1416 Number of processors: 1
2011/08/31 18:57:58.0703 1416 Page size: 0x1000
2011/08/31 18:57:58.0703 1416 Boot type: Normal boot
2011/08/31 18:57:58.0703 1416 ================================================================================
2011/08/31 18:57:59.0140 1416 Initialize success
2011/08/31 18:58:27.0406 0328 ================================================================================
2011/08/31 18:58:27.0406 0328 Scan started
2011/08/31 18:58:27.0406 0328 Mode: Manual;
2011/08/31 18:58:27.0406 0328 ================================================================================
2011/08/31 18:58:29.0421 0328 b87fe6ab (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2884009912:1199577428.exe
2011/08/31 18:58:29.0421 0328 Suspicious file (Hidden): C:\WINDOWS\2884009912:1199577428.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/31 18:58:29.0437 0328 b87fe6ab - detected HiddenFile.Multi.Generic (1)
2011/08/31 18:58:45.0250 0328 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
2011/08/31 18:58:45.0390 0328 Boot (0x1200) (7a8f7e1a76e9c1e72f4574302ab2e503) \Device\Harddisk0\DR0\Partition0
2011/08/31 18:58:45.0406 0328 ================================================================================
2011/08/31 18:58:45.0406 0328 Scan finished
2011/08/31 18:58:45.0406 0328 ================================================================================
2011/08/31 18:58:45.0421 2496 Detected object count: 1
2011/08/31 18:58:45.0421 2496 Actual detected object count: 1
2011/08/31 18:59:12.0859 2496 HKLM\SYSTEM\ControlSet001\services\b87fe6ab - will be deleted after reboot
2011/08/31 18:59:12.0859 2496 HKLM\SYSTEM\ControlSet002\services\b87fe6ab - will be deleted after reboot
2011/08/31 18:59:13.0078 2496 C:\WINDOWS\2884009912:1199577428.exe - will be deleted after reboot
2011/08/31 18:59:13.0078 2496 HiddenFile.Multi.Generic(b87fe6ab) - User select action: Delete
2011/08/31 18:59:26.0296 2668 Deinitialize success
More to come...
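As an added triage example for the TDSSKiller report above (not part of the thread, and not a Kaspersky tool), this Python parser pulls out the detection, notes that the hidden file lives in an NTFS alternate data stream (the second colon in C:\WINDOWS\2884009912:1199577428.exe names a stream attached to the object C:\WINDOWS\2884009912, which is why a normal directory listing never shows it), and lists what TDSSKiller scheduled for removal at reboot. The sample input is a constructed excerpt of the posted log with the clean driver lines trimmed.

```python
# Added triage helper for the TDSSKiller report posted above (not a Kaspersky tool).
import re
from dataclasses import dataclass, field

# Every TDSSKiller line: "<yyyy/mm/dd> <hh:mm:ss.ffff> <pid> <body>"
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")
# Scanned driver/service: "<name> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# TDSSKiller's own hidden-file remark, logged just before the verdict line
HIDDEN_RE = re.compile(r"^Suspicious file \(Hidden\): (.+)\. md5: [0-9a-f]{32}$")
# Verdict: "<name> - detected <Verdict> (<n>)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
# "<Verdict>(<name>) - User select action: <Action>"
ACTION_RE = re.compile(r"^[^()\s]+\(([^()\s]+)\) - User select action: (\w+)$")
PENDING_RE = re.compile(r"^(.+) - will be deleted after reboot$")
MBR_RE = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) .+$")
# A second colon after the drive letter means the path names an NTFS alternate
# data stream: C:\WINDOWS\2884009912:1199577428.exe is a stream on C:\WINDOWS\2884009912
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")

@dataclass
class Finding:
    name: str              # service key the loader was registered under
    verdict: str           # TDSSKiller verdict, e.g. HiddenFile.Multi.Generic
    path: str = ""
    md5: str = ""
    hidden: bool = False   # TDSSKiller itself flagged the file "(Hidden)"
    ads: bool = False      # path is an alternate data stream (our inference)
    action: str = ""       # what the user chose: Delete, Cure, Skip...

@dataclass
class Report:
    findings: list = field(default_factory=list)
    pending_removals: list = field(default_factory=list)   # applied at reboot
    mbr_md5: str = ""                                       # "" if MBR not scanned

def is_ads_path(path):
    """True when a Win32 path addresses an NTFS alternate data stream."""
    return bool(ADS_RE.match(path))

def parse_report(text):
    """Single pass: entries and hidden-file remarks precede their verdict lines."""
    rep, entries, hidden, findings = Report(), {}, set(), {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if (e := ENTRY_RE.match(body)):
            entries[e.group(1)] = (e.group(2), e.group(3))
        elif (h := HIDDEN_RE.match(body)):
            hidden.add(h.group(1))
        elif (d := DETECT_RE.match(body)):
            name, verdict = d.groups()
            md5, path = entries.get(name, ("", ""))
            findings[name] = Finding(name, verdict, path, md5,
                                     hidden=path in hidden, ads=is_ads_path(path))
        elif (a := ACTION_RE.match(body)) and a.group(1) in findings:
            findings[a.group(1)].action = a.group(2)
        elif (p := PENDING_RE.match(body)):
            rep.pending_removals.append(p.group(1))
        elif (b := MBR_RE.match(body)):
            rep.mbr_md5 = b.group(1)
    rep.findings = list(findings.values())
    return rep

def summarize(rep):
    """One triage line per finding, then what is queued for the reboot."""
    lines = []
    for f in rep.findings:
        flags = ",".join(x for x, on in (("hidden", f.hidden), ("ADS", f.ads)) if on)
        lines.append(f"{f.verdict} service={f.name} path={f.path} md5={f.md5} "
                     f"flags={flags or '-'} action={f.action or 'none'}")
    lines.append(f"{len(rep.pending_removals)} item(s) queued for removal at reboot; "
                 f"MBR md5={rep.mbr_md5 or 'not scanned'}")
    return lines

# Constructed sample: lines copied from the report posted above, clean drivers trimmed.
SAMPLE_REPORT = r"""
2011/08/31 18:58:29.0421 0328 b87fe6ab (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2884009912:1199577428.exe
2011/08/31 18:58:29.0421 0328 Suspicious file (Hidden): C:\WINDOWS\2884009912:1199577428.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/31 18:58:29.0437 0328 b87fe6ab - detected HiddenFile.Multi.Generic (1)
2011/08/31 18:58:33.0859 0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/31 18:58:45.0250 0328 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
2011/08/31 18:59:12.0859 2496 HKLM\SYSTEM\ControlSet001\services\b87fe6ab - will be deleted after reboot
2011/08/31 18:59:13.0078 2496 C:\WINDOWS\2884009912:1199577428.exe - will be deleted after reboot
2011/08/31 18:59:13.0078 2496 HiddenFile.Multi.Generic(b87fe6ab) - User select action: Delete
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE_REPORT)):
        print(line)
```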
ComboFix report:
ComboFix 11-08-31.04 - LAM 31/08/2011 20:12:08.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1279.961 [GMT 2:00]
Run from: c:\documents and settings\lam\Mes documents\Téléchargements\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrateur\WINDOWS
c:\documents and settings\lam\Local Settings\Application Data\syssvc.exe
c:\documents and settings\lam\WINDOWS
c:\windows\$NtUninstallKB41259$
c:\windows\$NtUninstallKB41259$\3095389867\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB41259$\3095389867\click.tlb
c:\windows\$NtUninstallKB41259$\3095389867\L\yobmiept
c:\windows\$NtUninstallKB41259$\3095389867\loader.tlb
c:\windows\$NtUninstallKB41259$\3095389867\U\@00000001
c:\windows\$NtUninstallKB41259$\3095389867\U\@000000c0
c:\windows\$NtUninstallKB41259$\3095389867\U\@000000cb
c:\windows\$NtUninstallKB41259$\3095389867\U\@000000cf
c:\windows\$NtUninstallKB41259$\3095389867\U\@80000000
c:\windows\$NtUninstallKB41259$\3095389867\U\@800000c0
c:\windows\$NtUninstallKB41259$\3095389867\U\@800000cb
c:\windows\$NtUninstallKB41259$\3095389867\U\@800000cf
c:\windows\$NtUninstallKB41259$\4081605597
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\c_64013.nls
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\driVERs\rdvkodmj.sys
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winsetupapi.log
.
An infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Copy restored from - The cat found it
c:\program files\Java\jre6\bin\jqs.exe . . . is infected!!
.
c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe . . . is infected!!
.
c:\program files\Sophos\Remote Management System\ManagementAgentNT.exe . . . is infected!!
.
c:\program files\Sophos\AutoUpdate\ALsvc.exe . . . is infected!!
.
c:\program files\Sophos\Remote Management System\RouterNT.exe . . . is infected!!
.
c:\program files\Timbuktu Pro\tb2launch.exe . . . is infected!!
.
c:\program files\NetDrive\wdService.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_RKHIT
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_SSHNAS
-------\Service_b87fe6ab
-------\Service_ddservice
-------\Service_RkHit
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_SSHNAS
-------\Legacy_rdvkodmj
-------\Service_rdvkodmj
.
.
((((((((((((((((((((((((((((( Files created from 2011-07-28 to 2011-08-31 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-31 17:58 . 2011-08-31 05:46 54144 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-08-31 17:58 . 2011-08-31 05:46 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-30 13:51 . 2011-08-30 13:51 -------- d--h--w- c:\windows\PIF
2011-08-30 11:37 . 2011-08-31 17:00 43408 --sha-w- c:\windows\system32\c_64013.nl_
2011-08-29 20:27 . 2011-08-29 20:27 -------- d-----w- c:\program files\trend micro
2011-08-29 20:27 . 2011-08-29 20:30 -------- d-----w- C:\rsit
2011-08-29 20:13 . 2011-08-29 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-08-29 20:10 . 2011-08-29 20:10 -------- d-----w- c:\documents and settings\lam\Application Data\f-secure
2011-08-29 20:09 . 2011-08-29 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-08-29 19:58 . 2011-08-29 19:58 -------- d-----w- c:\program files\ESET
2011-08-29 19:38 . 2011-08-16 06:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{758D41A4-E2C9-4839-A26B-878D551648F9}\mpengine.dll
2011-08-29 19:38 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-29 19:32 . 2011-08-29 20:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-29 18:53 . 2011-08-29 18:53 -------- d--h--w- c:\windows\update.8.1
2011-08-24 16:22 . 2011-08-30 18:30 -------- d-----w- C:\rei
2011-08-24 16:22 . 2011-08-24 16:22 -------- d-----w- c:\program files\Reimage
2011-08-22 06:56 . 2011-08-22 07:14 -------- d-----w- c:\documents and settings\lam\Application Data\Skype
2011-08-21 20:38 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-21 20:38 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-21 20:38 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-21 20:38 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-21 20:38 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-21 20:38 . 2005-04-03 20:57 32768 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\Objectps.dll
2011-08-21 20:37 . 2011-08-21 20:37 200836 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-21 20:37 . 2011-08-21 20:37 331908 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-21 20:28 . 2011-08-31 18:19 -------- d-----w- c:\program files\NetDrive
2011-08-21 20:28 . 2003-06-04 10:49 503808 ----a-w- c:\windows\system32\RFHelper.dll
2011-08-21 20:28 . 2003-06-04 08:58 126976 ----a-w- c:\windows\system32\rfshext.dll
2011-08-21 20:28 . 2003-03-26 10:52 139264 ----a-w- c:\windows\system32\RFNP32.dll
2011-08-21 20:28 . 2001-10-05 07:48 225280 ----a-w- c:\windows\system32\rfwdres.dll
2011-08-21 20:28 . 2001-10-05 07:48 24576 ----a-w- c:\windows\system32\rfstrres.dll
2011-08-21 20:28 . 2001-10-05 07:48 24576 ----a-w- c:\windows\system32\rfshres.dll
2011-08-21 20:28 . 2001-10-05 07:47 36864 ----a-w- c:\windows\system32\rfhres.dll
2011-08-21 18:59 . 2011-08-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-08-20 12:23 . 2011-08-29 19:23 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-20 12:23 . 2011-08-20 12:23 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-20 12:23 . 2011-08-20 12:23 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-20 12:23 . 2011-08-29 19:23 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-20 12:23 . 2011-08-29 19:23 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-20 12:23 . 2011-08-29 19:23 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-20 12:23 . 2011-08-29 19:23 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-20 12:23 . 2011-08-29 19:23 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-19 14:53 . 2011-08-19 14:53 -------- d-----w- c:\windows\ufa
2011-08-19 14:43 . 2011-08-19 14:53 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 14:37 . 2011-08-19 14:37 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 16:36 . 2008-04-13 10:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-08-31 06:14 . 2009-04-30 14:05 110848 ----a-w- c:\windows\system32\drivers\savonaccesscontrol.sys
2011-08-30 13:13 . 2008-04-13 11:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-30 11:50 . 2008-04-13 11:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-08-30 11:40 . 2008-04-13 11:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-29 19:23 . 2011-08-20 12:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{228B2BEC-3E3C-42de-8D00-84C56594DFA2}]
2010-12-14 22:56 129024 ----a-w- c:\documents and settings\lam\Local Settings\Application Data\BestPlay\bestplie.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"TLogonPath"="c:\program files\Timbuktu Pro\minitb2.exe" [2003-07-09 65536]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-12-15 245760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
2003-07-09 10:02 81973 ----a-w- c:\program files\Timbuktu Pro\HOOK32.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
2003-06-04 10:49 294912 ----a-w- c:\program files\NetDrive\NetDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Security Client\\msseces.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\esetsmartinstaller_enu.exe"=
"c:\\Program Files\\ESET\\ESET Online Scanner\\OnlineCmdLineScanner.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\jre-6u27-windows-i586-s.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\RSIT.exe"=
"c:\\Program Files\\Fichiers communs\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Timbuktu Pro\\minitb2.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\ReimageRepair.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\Reimage.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Usenet.nl\\Usenet.nl.exe"=
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [16/04/2009 15:24 16640]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [30/04/2009 16:05 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [06/05/2009 11:34 38528]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [21/08/2011 22:28 67032]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2009 16:40 130048]
S2 SAVAdminService;Créateur de rapports d'état Sophos Anti-Virus;"c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" --> c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [?]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [30/04/2009 16:04 98304]
S3 cpuz134;cpuz134;\??\c:\docume~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 21344]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2009 16:40 130048]
S4 RFNP32;WebDrive Provider; [x]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [06/05/2009 11:36 14976]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - SOPHOS_AUTOUPDATE_SERVICE
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5cf3544e4248.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 14:40]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc5cf3545ef2be.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-09 14:40]
.
2011-08-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-31 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
2011-08-30 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-08-17 10:32]
.
2010-12-22 c:\windows\Tasks\Scan hebdo 12h30.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-05-06 09:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
mStart Page = hxxp://mivolo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - mivolo.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - CYBERBOX
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - CYBERBOX
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - CYBERBOX
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - CYBERBOX
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - CYBERBOX
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-wxpdrv - (no file)
HKLM-Run-systemup - c:\windows\systemup.exe
SafeBoot-29827084.sys
MSConfigStartUp-1183745 - c:\windows\TEMP\1183745.exe
MSConfigStartUp-1516971 - c:\windows\TEMP\1516971.exe
MSConfigStartUp-1968484 - c:\docume~1\lam\LOCALS~1\Temp\1968484.exe
MSConfigStartUp-2392719 - c:\docume~1\lam\LOCALS~1\Temp\2392719.exe
MSConfigStartUp-5481841 - c:\windows\TEMP\5481841.exe
MSConfigStartUp-66385224-loader2 - c:\windows\TEMP\66385224-loader2.exe
MSConfigStartUp-JP595IR86O - c:\docume~1\lam\LOCALS~1\Temp\Mvl.exe
MSConfigStartUp-l1rezerv - c:\windows\l1rezerv.exe
MSConfigStartUp-sysdriver32 - c:\windows\sysdriver32.exe
MSConfigStartUp-sysdriver32_ - c:\windows\sysdriver32_.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Citrix\Client ICA\ssonsvr.exe
c:\windows\system32\msiexec.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-08-31 20:26:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-08-31 18:26
.
Avant-CF: 9 603 489 792 octets libres
Après-CF: 9 793 474 560 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - F134BA4B94A0F56ABC222EC05CFC9224
OK, so what now?
Hello,
Uninstall Sophos Antivirus, Microsoft Security Essentials and F-Secure so that only ESET remains.
Uninstall Java.
Fix ComboFix
Only Marino 0112 may follow this procedure!
Create a txt file on your desktop: to do so, right-click on your desktop, click New, then Text Document. Open the document you have just created.
Copy exactly the text in the box below (nothing more and nothing less!) and paste it into your document.
KillAll::
File::
C:\program files\Timbuktu Pro\tb2launch.exe
C:\program files\NetDrive\wdService.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\Program Files\Timbuktu Pro\TNotify.exe
Go to File > Save As... and choose CFScript as the file name, then confirm.
Disconnect from the Internet, close all running applications and disable your antivirus!
Drag the document you have just created onto ComboFix, as in the animation below:
[animation: dragging CFScript.txt onto ComboFix.exe]
Wait while it runs. The desktop may disappear and reappear several times; that is normal. Do not touch anything until the scan has finished.
Your PC may restart; after the restart your antivirus may raise alerts. Ignore them by refusing to delete any files it reports as infected.
A report will appear; copy/paste it here (it is located at C:\Combofix.txt).
This procedure was written specifically for this PC. Using it on any other system may damage it.
--> How is the PC behaving?
Tell me: I have uninstalled Java, Sophos Antivirus and Microsoft Security Essentials, but F-Secure is not in the list of programs that can be removed. ESET is the online scan application, not the antivirus. In theory, I no longer have any antivirus!
Do I have to uninstall all of Sophos (AutoUpdate and Remote Management System)?
I have just moved ComboFix to the desktop (Firefox had put it straight into the Downloads folder).
I will wait for your answer before continuing!
Hi Maestro,
I could not uninstall Sophos Remote Management System (it shows "erreur irrécupérable lors de l'installation", i.e. an unrecoverable error during installation).
So I skipped it!
ComboFix report:
ComboFix 11-08-31.04 - LAM 01/09/2011 11:52:14.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1279.970 [GMT 2:00]
Lancé depuis: c:\documents and settings\lam\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\lam\Bureau\CFScript.txt
.
FILE ::
"c:\program files\Citrix\Client ICA\ssonsvr.exe"
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\NetDrive\wdService.exe"
"c:\program files\Timbuktu Pro\tb2launch.exe"
"c:\program files\Timbuktu Pro\tb2pro.exe"
"c:\program files\Timbuktu Pro\TNotify.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Citrix\Client ICA\ssonsvr.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Timbuktu Pro\tb2pro.exe
c:\program files\Timbuktu Pro\TNotify.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-01 au 2011-09-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-31 20:05 . 2011-08-31 20:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-31 17:58 . 2011-08-31 05:46 54144 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-08-31 17:58 . 2011-08-31 05:46 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-30 13:51 . 2011-08-30 13:51 -------- d--h--w- c:\windows\PIF
2011-08-30 11:37 . 2011-08-31 17:00 43408 --sha-w- c:\windows\system32\c_64013.nl_
2011-08-29 20:27 . 2011-08-29 20:27 -------- d-----w- c:\program files\trend micro
2011-08-29 20:27 . 2011-08-29 20:30 -------- d-----w- C:\rsit
2011-08-29 20:13 . 2011-08-29 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-08-29 20:10 . 2011-08-29 20:10 -------- d-----w- c:\documents and settings\lam\Application Data\f-secure
2011-08-29 20:09 . 2011-08-29 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-08-29 19:58 . 2011-08-29 19:58 -------- d-----w- c:\program files\ESET
2011-08-29 19:38 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-29 18:53 . 2011-08-29 18:53 -------- d--h--w- c:\windows\update.8.1
2011-08-24 16:22 . 2011-08-30 18:30 -------- d-----w- C:\rei
2011-08-24 16:22 . 2011-08-24 16:22 -------- d-----w- c:\program files\Reimage
2011-08-22 06:56 . 2011-08-22 07:14 -------- d-----w- c:\documents and settings\lam\Application Data\Skype
2011-08-21 20:38 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-21 20:38 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-21 20:38 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-21 20:38 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-21 20:38 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-21 20:38 . 2005-04-03 20:57 32768 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\Objectps.dll
2011-08-21 20:37 . 2011-08-21 20:37 200836 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-21 20:37 . 2011-08-21 20:37 331908 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-21 20:28 . 2011-08-31 18:19 -------- d-----w- c:\program files\NetDrive
2011-08-21 20:28 . 2003-06-04 10:49 503808 ----a-w- c:\windows\system32\RFHelper.dll
2011-08-21 20:28 . 2003-06-04 08:58 126976 ----a-w- c:\windows\system32\rfshext.dll
2011-08-21 20:28 . 2003-03-26 10:52 139264 ----a-w- c:\windows\system32\RFNP32.dll
2011-08-21 20:28 . 2001-10-05 07:48 225280 ----a-w- c:\windows\system32\rfwdres.dll
2011-08-21 20:28 . 2001-10-05 07:48 24576 ----a-w- c:\windows\system32\rfstrres.dll
2011-08-21 20:28 . 2001-10-05 07:48 24576 ----a-w- c:\windows\system32\rfshres.dll
2011-08-21 20:28 . 2001-10-05 07:47 36864 ----a-w- c:\windows\system32\rfhres.dll
2011-08-21 18:59 . 2011-08-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-08-20 12:23 . 2011-08-31 20:06 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-20 12:23 . 2011-08-20 12:23 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-20 12:23 . 2011-08-20 12:23 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-20 12:23 . 2011-08-31 20:06 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-20 12:23 . 2011-08-31 20:06 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-20 12:23 . 2011-08-31 20:06 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-20 12:23 . 2011-08-31 20:06 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-20 12:23 . 2011-08-31 20:06 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-19 14:53 . 2011-08-19 14:53 -------- d-----w- c:\windows\ufa
2011-08-19 14:43 . 2011-08-19 14:53 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 14:37 . 2011-08-19 14:37 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 16:36 . 2008-04-13 10:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-08-30 13:13 . 2008-04-13 11:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-30 11:50 . 2008-04-13 11:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-08-30 11:40 . 2008-04-13 11:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-31 20:06 . 2011-08-20 12:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-31_18.22.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-05 11:00 . 2011-08-30 13:06 72528 c:\windows\system32\perfc00C.dat
+ 2004-08-05 11:00 . 2011-09-01 09:49 72528 c:\windows\system32\perfc00C.dat
- 2004-08-05 11:00 . 2011-08-30 13:06 59774 c:\windows\system32\perfc009.dat
+ 2004-08-05 11:00 . 2011-09-01 09:49 59774 c:\windows\system32\perfc009.dat
+ 2004-08-05 11:00 . 2011-09-01 09:49 461554 c:\windows\system32\perfh00C.dat
- 2004-08-05 11:00 . 2011-08-30 13:06 461554 c:\windows\system32\perfh00C.dat
+ 2004-08-05 11:00 . 2011-09-01 09:49 395534 c:\windows\system32\perfh009.dat
- 2004-08-05 11:00 . 2011-08-30 13:06 395534 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{228B2BEC-3E3C-42de-8D00-84C56594DFA2}]
2010-12-14 22:56 129024 ----a-w- c:\documents and settings\lam\Local Settings\Application Data\BestPlay\bestplie.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"TLogonPath"="c:\program files\Timbuktu Pro\minitb2.exe" [2003-07-09 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
2003-07-09 10:02 81973 ----a-w- c:\program files\Timbuktu Pro\HOOK32.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
2003-06-04 10:49 294912 ----a-w- c:\program files\NetDrive\NetDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\esetsmartinstaller_enu.exe"=
"c:\\Program Files\\ESET\\ESET Online Scanner\\OnlineCmdLineScanner.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\jre-6u27-windows-i586-s.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\RSIT.exe"=
"c:\\Program Files\\Timbuktu Pro\\minitb2.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\ReimageRepair.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\Reimage.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Usenet.nl\\Usenet.nl.exe"=
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [16/04/2009 15:24 16640]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [21/08/2011 22:28 67032]
S3 cpuz134;cpuz134;\??\c:\docume~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 21344]
S4 RFNP32;WebDrive Provider; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-30 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-08-17 10:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
mStart Page = hxxp://mivolo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - mivolo.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - CYBERBOX
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - CYBERBOX
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - CYBERBOX
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - CYBERBOX
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - CYBERBOX
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-01 11:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2011-09-01 12:01:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-09-01 10:01
ComboFix2.txt 2011-08-31 18:26
.
Avant-CF: 9 973 325 824 octets libres
Après-CF: 9 960 816 640 octets libres
.
- - End Of File - - 8A3410B8A03F8CA4F621858EE75AA979
I couldn't uninstall Sophos Remote Management System (it shows me "unrecoverable error during installation").
So I skipped it!
ComboFix report:
ComboFix 11-08-31.04 - LAM 01/09/2011 11:52:14.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1279.970 [GMT 2:00]
Lancé depuis: c:\documents and settings\lam\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\lam\Bureau\CFScript.txt
.
FILE ::
"c:\program files\Citrix\Client ICA\ssonsvr.exe"
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\NetDrive\wdService.exe"
"c:\program files\Timbuktu Pro\tb2launch.exe"
"c:\program files\Timbuktu Pro\tb2pro.exe"
"c:\program files\Timbuktu Pro\TNotify.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Citrix\Client ICA\ssonsvr.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Timbuktu Pro\tb2pro.exe
c:\program files\Timbuktu Pro\TNotify.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
.
.
Re,
OK, we're going to remove the Sophos leftovers the brute-force way, because the patched files are still there:
Fix ComboFix
Only Marino 0112 may follow this procedure!
Create a txt file on your desktop: to do so, right-click on your desktop, click New, then Text Document. Open the document you just created.
Copy exactly the text in the box below (and nothing else, and nothing less!!) and paste it into your document.
KillAll::
Folder::
C:\program files\Sophos
Folder::
C:\program files\Sophos
Go to File > Save As..., choose CFScript as the file name and confirm.
Disconnect, close all running applications and disable your antivirus!
Drag the document you just created onto ComboFix, as in the animation below:
Wait while it runs. The desktop may disappear and reappear several times, that's normal. Don't touch anything until the scan is finished.
Your PC may restart; after the restart your antivirus may raise alerts, ignore them by refusing to delete any supposedly infected files.
A report will appear, copy/paste it here (it is in C:\Combofix.txt)
This procedure was made specifically for this PC. Any third-party use may damage the system.
Once this is done, can you tell me how the PC behaves, please?
So, ComboFix report:
ComboFix 11-08-31.04 - LAM 01/09/2011 14:35:56.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1279.981 [GMT 2:00]
Lancé depuis: c:\documents and settings\lam\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\lam\Bureau\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Sophos
c:\program files\Sophos\Remote Management System\ace.dll
c:\program files\Sophos\Remote Management System\ACE_SSL.dll
c:\program files\Sophos\Remote Management System\acetao-license.txt
c:\program files\Sophos\Remote Management System\AutoUpdateAgentNT.exe
c:\program files\Sophos\Remote Management System\cac.pem
c:\program files\Sophos\Remote Management System\CertificationClientLibrary.dll
c:\program files\Sophos\Remote Management System\CertificationLib.dll
c:\program files\Sophos\Remote Management System\ClientMRInit.exe
c:\program files\Sophos\Remote Management System\EmErr.dll
c:\program files\Sophos\Remote Management System\EMLibUpdateAgentNT.exe
c:\program files\Sophos\Remote Management System\EMTrace.dll
c:\program files\Sophos\Remote Management System\libeay32.dll
c:\program files\Sophos\Remote Management System\mrinit.conf
c:\program files\Sophos\Remote Management System\MSClientLib.dll
c:\program files\Sophos\Remote Management System\msvcp71.dll
c:\program files\Sophos\Remote Management System\msvcr71.dll
c:\program files\Sophos\Remote Management System\openssl-license.txt
c:\program files\Sophos\Remote Management System\RtrEvent.dll
c:\program files\Sophos\Remote Management System\scf.dat
c:\program files\Sophos\Remote Management System\ssleay32.dll
c:\program files\Sophos\Remote Management System\svc.conf
c:\program files\Sophos\Remote Management System\TAO.dll
c:\program files\Sophos\Remote Management System\TAO_DynamicAny.dll
c:\program files\Sophos\Remote Management System\TAO_IORInterceptor.dll
c:\program files\Sophos\Remote Management System\TAO_ObjRefTemplate.dll
c:\program files\Sophos\Remote Management System\TAO_PortableServer.dll
c:\program files\Sophos\Remote Management System\TAO_Security.dll
c:\program files\Sophos\Remote Management System\TAO_SSLIOP.dll
c:\program files\Sophos\Remote Management System\TAO_Valuetype.dll
c:\program files\Sophos\Sophos Anti-Virus\SavService.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-01 au 2011-09-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-31 20:05 . 2011-08-31 20:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-08-31 17:58 . 2011-08-31 05:46 54144 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-08-31 17:58 . 2011-08-31 05:46 54144 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-30 13:51 . 2011-08-30 13:51 -------- d--h--w- c:\windows\PIF
2011-08-30 11:37 . 2011-08-31 17:00 43408 --sha-w- c:\windows\system32\c_64013.nl_
2011-08-29 20:27 . 2011-08-29 20:27 -------- d-----w- c:\program files\trend micro
2011-08-29 20:27 . 2011-08-29 20:30 -------- d-----w- C:\rsit
2011-08-29 20:13 . 2011-08-29 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-08-29 20:10 . 2011-08-29 20:10 -------- d-----w- c:\documents and settings\lam\Application Data\f-secure
2011-08-29 20:09 . 2011-08-29 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-08-29 19:58 . 2011-08-29 19:58 -------- d-----w- c:\program files\ESET
2011-08-29 19:38 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-29 18:53 . 2011-08-29 18:53 -------- d--h--w- c:\windows\update.8.1
2011-08-24 16:22 . 2011-08-30 18:30 -------- d-----w- C:\rei
2011-08-24 16:22 . 2011-08-24 16:22 -------- d-----w- c:\program files\Reimage
2011-08-22 06:56 . 2011-08-22 07:14 -------- d-----w- c:\documents and settings\lam\Application Data\Skype
2011-08-21 20:38 . 2005-04-03 21:02 753664 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-21 20:38 . 2005-04-03 21:02 69714 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-21 20:38 . 2005-04-03 21:01 274432 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-21 20:38 . 2005-04-03 21:00 184320 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-21 20:38 . 2005-04-03 20:59 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-21 20:38 . 2005-04-03 20:57 32768 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\Objectps.dll
2011-08-21 20:37 . 2011-08-21 20:37 200836 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-21 20:37 . 2011-08-21 20:37 331908 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-21 20:28 . 2011-08-31 18:19 -------- d-----w- c:\program files\NetDrive
2011-08-21 20:28 . 2003-06-04 10:49 503808 ----a-w- c:\windows\system32\RFHelper.dll
2011-08-21 20:28 . 2003-06-04 08:58 126976 ----a-w- c:\windows\system32\rfshext.dll
2011-08-21 20:28 . 2003-03-26 10:52 139264 ----a-w- c:\windows\system32\RFNP32.dll
2011-08-21 20:28 . 2001-10-05 07:48 225280 ----a-w- c:\windows\system32\rfwdres.dll
2011-08-21 20:28 . 2001-10-05 07:48 24576 ----a-w- c:\windows\system32\rfstrres.dll
2011-08-21 20:28 . 2001-10-05 07:48 24576 ----a-w- c:\windows\system32\rfshres.dll
2011-08-21 20:28 . 2001-10-05 07:47 36864 ----a-w- c:\windows\system32\rfhres.dll
2011-08-21 18:59 . 2011-08-22 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-08-20 12:23 . 2011-08-31 20:06 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-20 12:23 . 2011-08-20 12:23 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-20 12:23 . 2011-08-20 12:23 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-20 12:23 . 2011-08-31 20:06 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-20 12:23 . 2011-08-31 20:06 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-20 12:23 . 2011-08-31 20:06 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-20 12:23 . 2011-08-31 20:06 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-20 12:23 . 2011-08-31 20:06 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-19 14:53 . 2011-08-19 14:53 -------- d-----w- c:\windows\ufa
2011-08-19 14:43 . 2011-08-19 14:53 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 14:37 . 2011-08-19 14:37 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 16:36 . 2008-04-13 10:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-08-30 13:13 . 2008-04-13 11:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-30 11:50 . 2008-04-13 11:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-08-30 11:40 . 2008-04-13 11:19 138112 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-31 20:06 . 2011-08-20 12:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-31_18.22.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-05 11:00 . 2011-08-30 13:06 72528 c:\windows\system32\perfc00C.dat
+ 2004-08-05 11:00 . 2011-09-01 12:37 72528 c:\windows\system32\perfc00C.dat
- 2004-08-05 11:00 . 2011-08-30 13:06 59774 c:\windows\system32\perfc009.dat
+ 2004-08-05 11:00 . 2011-09-01 12:37 59774 c:\windows\system32\perfc009.dat
+ 2004-08-05 11:00 . 2011-09-01 12:37 461554 c:\windows\system32\perfh00C.dat
- 2004-08-05 11:00 . 2011-08-30 13:06 461554 c:\windows\system32\perfh00C.dat
+ 2004-08-05 11:00 . 2011-09-01 12:37 395534 c:\windows\system32\perfh009.dat
- 2004-08-05 11:00 . 2011-08-30 13:06 395534 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{228B2BEC-3E3C-42de-8D00-84C56594DFA2}]
2010-12-14 22:56 129024 ----a-w- c:\documents and settings\lam\Local Settings\Application Data\BestPlay\bestplie.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"TLogonPath"="c:\program files\Timbuktu Pro\minitb2.exe" [2003-07-09 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
2003-07-09 10:02 81973 ----a-w- c:\program files\Timbuktu Pro\HOOK32.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
2003-06-04 10:49 294912 ----a-w- c:\program files\NetDrive\NetDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\esetsmartinstaller_enu.exe"=
"c:\\Program Files\\ESET\\ESET Online Scanner\\OnlineCmdLineScanner.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\jre-6u27-windows-i586-s.exe"=
"c:\\Documents and Settings\\lam\\Mes documents\\Téléchargements\\RSIT.exe"=
"c:\\Program Files\\Timbuktu Pro\\minitb2.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\ReimageRepair.exe"=
"c:\\Program Files\\Reimage\\Reimage Repair\\Reimage.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Usenet.nl\\Usenet.nl.exe"=
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [16/04/2009 15:24 16640]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [21/08/2011 22:28 67032]
S3 cpuz134;cpuz134;\??\c:\docume~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\lam\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 14:23 21344]
S4 RFNP32;WebDrive Provider; [x]
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-30 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-08-17 10:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
mStart Page = hxxp://mivolo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:59274
uInternet Settings,ProxyOverride = <local>
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - mivolo.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - CYBERBOX
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - CYBERBOX
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - CYBERBOX
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - CYBERBOX
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - CYBERBOX
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-01 14:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2011-09-01 14:44:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-09-01 12:44
ComboFix2.txt 2011-09-01 10:01
ComboFix3.txt 2011-08-31 18:26
.
Avant-CF: 9 961 189 376 octets libres
Après-CF: 9 944 436 736 octets libres
.
- - End Of File - - 7010FB3FFBF1018D5A960E33719902F5
My PC takes ComboFix in its stride!
It's much snappier than before, in any case.
Re,
OK, we've made good progress; let's see whether there's any work left.
Run a full scan with ESET and post the report you get.
Then:
Diagnostic:
Download OTL (by OldTimer) to your Desktop.
If you're on XP, double-click it to launch it; if you're on Vista/7, right-click it and choose Run as administrator to launch it.
A window appears.
Tick the box: All Users
Tick the boxes for LOP Check and Purity Check (in blue towards the bottom of the window).
Under Personnalisation (the custom scan box), copy-paste the whole text below; leave the other options at their defaults.
netsvcs
msconfig
drivers32
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.dll /lockedfiles
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
iexplore.exe
/md5stop
CREATERESTOREPOINT
Finally, click the Scan button. Don't touch anything while the scan is running; it will take a little while.
At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy/paste both reports here.
For reports, which tend to be too long for the forum, please use this online report service: upload the file via "Browse" and simply post the link you get.
Well, here's the ESET report; it looks scarier than it is (at least I hope so!!!!)
http://www.cijoint.fr/cjlink.php?file=cj201109/cijCwIoN...
OTL report:
http://www.cijoint.fr/cjlink.php?file=cj201109/cijXCOSN...
Extras report:
http://www.cijoint.fr/cjlink.php?file=cj201109/cij2Lb6J...
Hi, a friend came by while I was out and took the liberty of installing AntiMalware and CCleaner and scanning my PC... (I hadn't told him I was in the middle of a disinfection.) I hope that won't undo what we've already done together. Here's the report anyway.
MBAM report:
http://www.cijoint.fr/cjlink.php?file=cj201109/cijaB9RU...
Hello,
Which antimalware?
OK, there's still a small ASKbar infection left, but nothing serious:
Ad-Remover scan
Download Ad-Remover (by C_XX) to your Desktop.
Disconnect from the internet and close all running applications!
Double-click AD-R on your desktop. (Right-click -> "Run as administrator" for VISTA/7)
Wait until the main menu appears. From there, click Scanner. You'll be asked to confirm; click Yes and wait until the scan finishes.
Let the tool work!
A window containing the report will open; post the report in your next reply.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Then click Quitter to close Ad-Remover.
Note: The report Ad-Remover just generated is here: C:\Ad-Report-SCAN
To help you:
AD-R tutorial
Re,
Well, your PC really is a mess... You'll have to be more careful online.
Ad-Remover fix
Disconnect from the internet and close all running applications!
Relaunch Ad-Remover. (Right-click -> "Run as administrator" for VISTA/7)
Wait until the main menu appears. From there, click Nettoyer. You'll be asked to confirm; click Yes and wait until the scan finishes.
Let the tool work!
A window containing a new report will open; post the report in your next reply.
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Then click Quitter to close Ad-Remover.
Note: The report Ad-Remover just generated is here: C:\Ad-Report-CLEAN
To help you:
AD-R tutorial
Then post a new OTL report.
And I thought I was a model of prudence online...
ADR cleaning report:
http://www.cijoint.fr/cjlink.php?file=cj201109/cijhOOis...
OTL report: (cijoint won't accept this one...)
OTL logfile created on: 02/09/2011 18:12:38 - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\lam\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,25 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 65,99% Memory free
2,98 Gb Paging File | 2,71 Gb Available in Paging File | 91,02% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 9,75 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Computer Name: MEHQ | User Name: LAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/01 18:07:04 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lam\Mes documents\Téléchargements\OTL.exe
PRC - [2011/08/31 22:06:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/31 22:06:27 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 16:31:18 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
MOD - [2010/10/21 20:36:11 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/04/13 20:33:32 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/29 17:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Satsuki Decoder Pack\Filtres\mmfinfo.dll
MOD - [2008/03/29 17:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Satsuki Decoder Pack\Filtres\mkunicode.dll
MOD - [2003/06/04 12:49:42 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\RFHelper.dll
MOD - [2001/10/05 09:47:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\rfhres.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (WebDriveService)
SRV - File not found [Auto | Stopped] -- -- (Tb2Launch)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/07/28 20:28:22 | 000,082,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Running] -- -- (Tb2MirrorSys)
DRV - File not found [Kernel | System | Running] -- -- (Tb2Device)
DRV - [2008/10/30 21:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/08/13 14:46:30 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/06/19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/26 17:22:48 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2006/02/26 17:22:48 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2006/02/26 17:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/02/26 17:21:18 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2006/02/26 17:03:28 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004/10/20 14:23:34 | 000,021,344 | ---- | M] (FreeBox SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fbxusb32.sys -- (fbxusb)
DRV - [2003/03/26 12:52:42 | 000,139,264 | ---- | M] (River Front Software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RFNP32.dll -- (RFNP32)
DRV - [2002/11/27 13:40:32 | 000,067,032 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\NetDrive\rffsd.sys -- (WebDriveFSD)
DRV - [2001/08/17 22:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://CYBERBOX:8081/proxy-chu.pac
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://CYBERBOX:8081/proxy-chu.pac
IE - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-771168771-453390946-965413785-10985\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-771168771-453390946-965413785-10985\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "mivolo.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B10A7CD3-C859-4bab-8866-859F1DB8E616}:2.0.0.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.ftp: "CYBERBOX"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "CYBERBOX"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "CYBERBOX"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "CYBERBOX"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "CYBERBOX"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 18:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/29 21:24:16 | 000,000,000 | ---D | M]
[2009/11/28 23:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lam\Application Data\Mozilla\Extensions
[2011/08/20 14:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions
[2011/08/18 08:06:21 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/12/15 00:56:27 | 000,000,000 | ---D | M] (BestPlayFF Module) -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\{B10A7CD3-C859-4bab-8866-859F1DB8E616}
[2011/08/22 09:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 20:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/08/31 22:06:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/20 14:23:44 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/08/20 14:23:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/20 14:23:44 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/08/20 14:23:44 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/08/20 14:23:44 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/08/20 14:23:44 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2011/09/01 14:42:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TLogonPath] C:\Program Files\Timbuktu Pro\minitb2.exe (Netopia, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chu-toulouse.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DAAE476-87A7-4050-84CF-8EFE5919F730}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\Timbuktu Pro\Hook32.dll - C:\Program Files\Timbuktu Pro\HOOK32.DLL (Netopia, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 13:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/02 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Menu Démarrer\Programmes\Ad-Remover
[2011/09/02 17:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/09/02 14:22:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lam\Recent
[2011/09/02 13:25:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/02 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/02 13:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Application Data\Malwarebytes
[2011/09/02 13:21:25 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/02 13:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/02 13:21:20 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/02 13:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 14:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/31 22:05:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/31 19:58:47 | 000,054,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011/08/31 19:57:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 19:54:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 19:54:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 19:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 19:54:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 19:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/31 19:52:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 19:52:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lam\Menu Démarrer\Programmes\Outils d'administration
[2011/08/30 15:51:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/29 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/29 22:27:16 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/29 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/29 22:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Application Data\f-secure
[2011/08/29 22:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/08/29 21:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/29 21:38:18 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/08/29 20:53:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.8.1
[2011/08/24 18:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Reimage Repair
[2011/08/24 18:22:41 | 000,000,000 | ---D | C] -- C:\rei
[2011/08/24 18:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/08/23 12:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
[2011/08/23 12:13:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/22 08:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Application Data\Skype
[2011/08/21 22:28:24 | 000,139,264 | ---- | C] (River Front Software) -- C:\WINDOWS\System32\RFNP32.dll
[2011/08/21 22:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\NetDrive
[2011/08/21 22:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\NetDrive
[2011/08/21 20:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/08/19 16:53:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011/08/19 16:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/02 18:08:01 | 000,461,554 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/09/02 18:08:01 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/02 18:08:01 | 000,072,528 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/09/02 18:08:01 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/02 18:03:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/02 18:03:51 | 1341,181,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/02 17:14:03 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\Ad-Remover.lnk
[2011/09/02 17:11:36 | 001,563,105 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\AD-R.exe
[2011/09/02 17:05:55 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/01 14:42:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/31 22:41:31 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\ComboFix.lnk
[2011/08/31 22:05:46 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/31 19:57:22 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/08/31 18:36:47 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2011/08/31 07:46:57 | 000,054,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011/08/30 20:30:21 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/08/30 18:56:56 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/08/30 15:13:02 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2011/08/30 13:50:20 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2011/08/30 13:40:16 | 000,138,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/08/29 21:30:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 18:22:42 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PC Scan & Repair by Reimage.lnk
[2011/08/24 17:59:47 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\scud.udf
[2011/08/24 15:36:16 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\lam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/21 22:41:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\lam\Local Settings\Application Data\housecall.guid.cache
[2011/08/20 10:00:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\lam\Mes documents\Poste de travail.lnk
[2011/08/19 16:53:07 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011/08/17 17:46:54 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\Usenet.nl.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/02 17:14:03 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\Ad-Remover.lnk
[2011/09/02 17:11:36 | 001,563,105 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\AD-R.exe
[2011/09/02 17:05:55 | 000,210,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 22:41:31 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\ComboFix.lnk
[2011/08/31 19:57:22 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/08/31 19:57:17 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/08/31 19:54:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 19:54:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 19:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 19:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 19:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/29 21:43:49 | 052,390,856 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2011/08/29 21:33:50 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/08/24 18:23:10 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/08/24 18:23:07 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/24 18:22:42 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PC Scan & Repair by Reimage.lnk
[2011/08/24 17:59:47 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\scud.udf
[2011/08/24 17:16:39 | 000,401,720 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\HijackThis.exe
[2011/08/21 22:41:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\lam\Local Settings\Application Data\housecall.guid.cache
[2011/08/21 22:28:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\RFHelper.dll
[2011/08/21 22:28:24 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\rfwdres.dll
[2011/08/21 22:28:24 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\rfshext.dll
[2011/08/21 22:28:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\rfhres.dll
[2011/08/21 22:28:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfstrres.dll
[2011/08/21 22:28:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfshres.dll
[2011/08/20 14:23:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/08/20 10:00:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\lam\Mes documents\Poste de travail.lnk
[2011/08/19 16:43:01 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011/08/17 17:45:23 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\Usenet.nl.lnk
[2010/04/24 16:09:27 | 000,000,820 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/11/28 23:45:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/07 12:18:26 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/09/02 21:20:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/06 17:11:18 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\lam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 15:31:18 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/16 15:31:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/16 15:31:17 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/16 15:31:17 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/16 15:31:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/16 15:31:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/16 15:31:17 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/16 15:31:17 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/04/16 15:28:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/16 13:51:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tb2pro.INI
[2009/04/16 13:49:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2009/04/16 13:47:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/16 13:41:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/16 13:34:18 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/13 20:50:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/03/28 18:41:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/30 20:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/05 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 13:00:00 | 000,461,554 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 13:00:00 | 000,395,534 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 13:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 13:00:00 | 000,072,528 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 13:00:00 | 000,059,774 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 13:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000/11/24 12:48:00 | 000,032,144 | ---- | C] () -- C:\WINDOWS\WAIT.EXE
========== LOP Check ==========
[2009/04/16 13:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ICAClient
[2009/05/10 21:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/08/29 22:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/29 22:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/05/06 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/09/02 13:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\Azureus
[2011/08/29 22:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\f-secure
[2009/11/07 12:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\FreeHDConverter
[2009/11/07 12:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\FreeVideoConverter
[2010/01/24 18:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\ICAClient
[2011/08/30 22:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\Usenet.nl
[2009/05/26 16:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\XnView
[2009/04/17 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\Azureus
[2009/04/17 13:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\InterVideo
[2009/04/17 13:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\Panasonic
[2009/04/17 13:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\XnView
[2011/08/30 18:56:56 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job
========== Purity Check ==========
< End of report >
ADR cleaning report:
http://www.cijoint.fr/cjlink.php?file=cj201109/cijhOOis...
OTL report: (ci joint won't take that one from me...)
OTL logfile created on: 02/09/2011 18:12:38 - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\lam\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,25 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 65,99% Memory free
2,98 Gb Paging File | 2,71 Gb Available in Paging File | 91,02% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 9,75 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Computer Name: MEHQ | User Name: LAM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/01 18:07:04 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lam\Mes documents\Téléchargements\OTL.exe
PRC - [2011/08/31 22:06:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 20:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/31 22:06:27 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 16:31:18 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
MOD - [2010/10/21 20:36:11 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/02/27 17:37:16 | 000,311,296 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\pdfshell.FRA
MOD - [2008/04/13 20:33:32 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/29 17:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Satsuki Decoder Pack\Filtres\mmfinfo.dll
MOD - [2008/03/29 17:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Satsuki Decoder Pack\Filtres\mkunicode.dll
MOD - [2003/06/04 12:49:42 | 000,503,808 | ---- | M] () -- C:\WINDOWS\system32\RFHelper.dll
MOD - [2001/10/05 09:47:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\rfhres.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (WebDriveService)
SRV - File not found [Auto | Stopped] -- -- (Tb2Launch)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2003/07/28 20:28:22 | 000,082,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Running] -- -- (Tb2MirrorSys)
DRV - File not found [Kernel | System | Running] -- -- (Tb2Device)
DRV - [2008/10/30 21:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/08/13 14:46:30 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/09/05 20:07:00 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus) Sony Ericsson Device 089 driver (WDM)
DRV - [2006/06/19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/26 17:22:48 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2006/02/26 17:22:48 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2006/02/26 17:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/02/26 17:21:18 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2006/02/26 17:03:28 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004/10/20 14:23:34 | 000,021,344 | ---- | M] (FreeBox SA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fbxusb32.sys -- (fbxusb)
DRV - [2003/03/26 12:52:42 | 000,139,264 | ---- | M] (River Front Software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RFNP32.dll -- (RFNP32)
DRV - [2002/11/27 13:40:32 | 000,067,032 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\NetDrive\rffsd.sys -- (WebDriveFSD)
DRV - [2001/08/17 22:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://CYBERBOX:8081/proxy-chu.pac
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = CYBERBOX:80
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://CYBERBOX:8081/proxy-chu.pac
IE - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-771168771-453390946-965413785-10985\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-771168771-453390946-965413785-10985\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "mivolo.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B10A7CD3-C859-4bab-8866-859F1DB8E616}:2.0.0.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.ftp: "CYBERBOX"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "CYBERBOX"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "CYBERBOX"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "CYBERBOX"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "CYBERBOX"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 18:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/29 21:24:16 | 000,000,000 | ---D | M]
[2009/11/28 23:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lam\Application Data\Mozilla\Extensions
[2011/08/20 14:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions
[2011/08/18 08:06:21 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/12/15 00:56:27 | 000,000,000 | ---D | M] (BestPlayFF Module) -- C:\Documents and Settings\lam\Application Data\Mozilla\Firefox\Profiles\nuysbbnb.default\extensions\{B10A7CD3-C859-4bab-8866-859F1DB8E616}
[2011/08/22 09:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 20:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/08/31 22:06:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/20 14:23:44 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/08/20 14:23:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/20 14:23:44 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/08/20 14:23:44 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/08/20 14:23:44 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/08/20 14:23:44 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2011/09/01 14:42:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TLogonPath] C:\Program Files\Timbuktu Pro\minitb2.exe (Netopia, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-771168771-453390946-965413785-10985\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chu-toulouse.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DAAE476-87A7-4050-84CF-8EFE5919F730}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Timbuktu Pro: DllName - C:\Program Files\Timbuktu Pro\Hook32.dll - C:\Program Files\Timbuktu Pro\HOOK32.DLL (Netopia, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/16 13:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/02 17:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Menu Démarrer\Programmes\Ad-Remover
[2011/09/02 17:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/09/02 14:22:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lam\Recent
[2011/09/02 13:25:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/02 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/02 13:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Application Data\Malwarebytes
[2011/09/02 13:21:25 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/02 13:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/02 13:21:20 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/02 13:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/01 14:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/31 22:05:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/08/31 19:58:47 | 000,054,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011/08/31 19:57:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/31 19:54:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/31 19:54:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/31 19:54:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/31 19:54:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/31 19:54:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/31 19:52:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/31 19:52:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lam\Menu Démarrer\Programmes\Outils d'administration
[2011/08/30 15:51:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/29 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/08/29 22:27:16 | 000,000,000 | ---D | C] -- C:\rsit
[2011/08/29 22:13:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/29 22:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Application Data\f-secure
[2011/08/29 22:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/08/29 21:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/29 21:38:18 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/08/29 20:53:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.8.1
[2011/08/24 18:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Reimage Repair
[2011/08/24 18:22:41 | 000,000,000 | ---D | C] -- C:\rei
[2011/08/24 18:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/08/23 12:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
[2011/08/23 12:13:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/22 08:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lam\Application Data\Skype
[2011/08/21 22:28:24 | 000,139,264 | ---- | C] (River Front Software) -- C:\WINDOWS\System32\RFNP32.dll
[2011/08/21 22:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\NetDrive
[2011/08/21 22:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\NetDrive
[2011/08/21 20:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/08/19 16:53:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011/08/19 16:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/02 18:08:01 | 000,461,554 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/09/02 18:08:01 | 000,395,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/02 18:08:01 | 000,072,528 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/09/02 18:08:01 | 000,059,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/02 18:03:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/02 18:03:51 | 1341,181,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/02 17:14:03 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\Ad-Remover.lnk
[2011/09/02 17:11:36 | 001,563,105 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\AD-R.exe
[2011/09/02 17:05:55 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/01 14:42:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/31 22:41:31 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\ComboFix.lnk
[2011/08/31 22:05:46 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/31 19:57:22 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/08/31 18:36:47 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2011/08/31 07:46:57 | 000,054,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011/08/30 20:30:21 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2011/08/30 18:56:56 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/08/30 15:13:02 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2011/08/30 13:50:20 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2011/08/30 13:40:16 | 000,138,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/08/29 21:30:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 18:22:42 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\PC Scan & Repair by Reimage.lnk
[2011/08/24 17:59:47 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\scud.udf
[2011/08/24 15:36:16 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\lam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/21 22:41:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\lam\Local Settings\Application Data\housecall.guid.cache
[2011/08/20 10:00:48 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\lam\Mes documents\Poste de travail.lnk
[2011/08/19 16:53:07 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011/08/17 17:46:54 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\lam\Bureau\Usenet.nl.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/02 17:14:03 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\Ad-Remover.lnk
[2011/09/02 17:11:36 | 001,563,105 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\AD-R.exe
[2011/09/02 17:05:55 | 000,210,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/31 22:41:31 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\ComboFix.lnk
[2011/08/31 19:57:22 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2011/08/31 19:57:17 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/08/31 19:54:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/31 19:54:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/31 19:54:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/31 19:54:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/31 19:54:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/29 21:43:49 | 052,390,856 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2011/08/29 21:33:50 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/08/24 18:23:10 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2011/08/24 18:23:07 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/08/24 18:22:42 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\PC Scan & Repair by Reimage.lnk
[2011/08/24 17:59:47 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\scud.udf
[2011/08/24 17:16:39 | 000,401,720 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\HijackThis.exe
[2011/08/21 22:41:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\lam\Local Settings\Application Data\housecall.guid.cache
[2011/08/21 22:28:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\RFHelper.dll
[2011/08/21 22:28:24 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\rfwdres.dll
[2011/08/21 22:28:24 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\rfshext.dll
[2011/08/21 22:28:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\rfhres.dll
[2011/08/21 22:28:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfstrres.dll
[2011/08/21 22:28:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfshres.dll
[2011/08/20 14:23:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk
[2011/08/20 10:00:48 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\lam\Mes documents\Poste de travail.lnk
[2011/08/19 16:43:01 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011/08/17 17:45:23 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\lam\Bureau\Usenet.nl.lnk
[2010/04/24 16:09:27 | 000,000,820 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/11/28 23:45:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/07 12:18:26 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\decdll.dll
[2009/09/02 21:20:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/06 17:11:18 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\lam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/16 15:31:18 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/04/16 15:31:17 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/16 15:31:17 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/16 15:31:17 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/04/16 15:31:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/16 15:31:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/16 15:31:17 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/04/16 15:31:17 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/04/16 15:28:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/16 13:51:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tb2pro.INI
[2009/04/16 13:49:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tb2Desk.INI
[2009/04/16 13:47:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/16 13:41:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/16 13:34:18 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/13 20:50:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/03/28 18:41:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/30 20:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/12/20 12:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/05 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 13:00:00 | 000,461,554 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 13:00:00 | 000,395,534 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 13:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 13:00:00 | 000,072,528 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 13:00:00 | 000,059,774 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 13:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2000/11/24 12:48:00 | 000,032,144 | ---- | C] () -- C:\WINDOWS\WAIT.EXE
========== LOP Check ==========
[2009/04/16 13:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ICAClient
[2009/05/10 21:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/08/29 22:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/08/29 22:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/05/06 11:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/09/02 13:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\Azureus
[2011/08/29 22:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\f-secure
[2009/11/07 12:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\FreeHDConverter
[2009/11/07 12:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\FreeVideoConverter
[2010/01/24 18:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\ICAClient
[2011/08/30 22:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\Usenet.nl
[2009/05/26 16:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lam\Application Data\XnView
[2009/04/17 13:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\Azureus
[2009/04/17 13:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\InterVideo
[2009/04/17 13:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\Panasonic
[2009/04/17 13:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LAM.CHU\Application Data\XnView
[2011/08/30 18:56:56 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\Reimage Reminder.job
========== Purity Check ==========
< End of report >
Hello!
Right, let's finish up:
OTL fix:
Relaunch OTL.exe.
Copy exactly the text below:
Paste it into the Personnalisation (Custom Scans/Fixes) box at the bottom left.
Click the Correction (Run Fix) button at the top left.
If the PC asks you to reboot, confirm it.
A report will appear after the reboot; copy/paste it into your next reply.
==> Uninstall ComboFix by going to Start > Run, typing combofix /u and confirming.
If you have no more problems:
1) Important: purge System Restore
--> There are still viruses in your restore points. Follow this tutorial to purge it.
Don't forget to create a new restore point once the operation is done (by pressing the Create button).
2) Since threats on the Internet are more and more numerous, I strongly advise you to read these links to better protect yourself online:
The dangers of P2P (such as eMule, LimeWire...): http://forum.zebulon.fr/index.php?showtopic=85544
To download for free and legally, I recommend Beezik, which has the following advantages:
Better sound quality
No viruses!
The dangers of cracks and keygens: http://forum.malekal.com/danger-des-cracks-t893.html
Reminders about pirated OSes: http://redirectingat.com/?id=1402X522807&xs=1&url=http%...
********************************
Recommended security software:
Antivirus: Avast 6.0
To scan your files: MBAM
********************************
Careful, contrary to popular belief:
Never run two antivirus programs with real-time protection enabled; that is the best way to create conflicts. Several active antivirus programs can get in each other's way, and in the end the PC you thought was better protected becomes a real sieve...
Anti-spyware programs are useless!!
I strongly advise you not to install "transformation" packs, which for example give Windows XP the look of Windows Vista. This kind of program causes a lot of problems!!!
Finally, don't forget that the best protection for your computer is you!
3) If you consider your problem solved, add [Résolu] (Solved) to the title of your topic:
In your first message, click the Editer (Edit) button.
Add [Résolu] in front of the title.
Then click Valider votre message (Submit).
Be more careful on the Internet!
See you on Tom's Guide
OTL fix script (the text to copy into OTL, as referred to above):
:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "mivolo.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
[2011/08/29 22:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
:Files
C:\Documents and Settings\lam\Application Data\f-secure
:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Documents and Settings\\lam\\Local Settings\\Temp\\fsonlinescanner.exe"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[createrestorepoint]
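As an added example (not part of the original post, and not OTL's own code), here is a small Python audit of a Firefox prefs.js that flags the same browser-hijack signs the OTL script above resets: a startup homepage outside an allow-list, a default search engine outside an allow-list, and a known adware toolbar listed in extensions.enabledItems. The sample prefs.js text is constructed from the values quoted in the log (mivolo.com, Ask.com, toolbar@ask.com); the allow-lists and the SUSPECT_EXTENSION_IDS set are assumptions a defender would tune for their own environment.

```python
"""Audit a Firefox prefs.js for browser-hijack indicators.

Added example for this thread; it is not part of OTL or of the original post.
The sample prefs.js content below is constructed from the values quoted in the
OTL log (mivolo.com homepage, Ask.com search, toolbar@ask.com). The allow-lists
are assumptions to be tuned per environment.
"""
import re

# Firefox writes one preference per line: user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed sample (not a real file from the affected machine).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "mivolo.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.useDBForOrder", true);
user_pref("extensions.enabledItems", "toolbar@ask.com:3.12.2.100006, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20");
user_pref("keyword.URL", "chrome://browser-region/locale/region.properties");
"""

# Assumed allow-lists: what a clean profile on this machine should contain.
EXPECTED_HOMEPAGES = {"about:home", "about:blank"}
EXPECTED_SEARCH_ENGINES = {"Google"}
# Extension ids treated as adware toolbars. The Ask toolbar id is the one named
# in the OTL log; anything else you add here is your own assumption.
SUSPECT_EXTENSION_IDS = {"toolbar@ask.com"}


def parse_prefs(text):
    """Return {pref_name: value} from prefs.js text.

    String values are unquoted, true/false and integers are converted,
    anything else is kept as raw text. Comments and blank lines are skipped.
    """
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs


def audit_prefs(prefs):
    """Return a list of (pref_name, value, reason) findings; empty means clean."""
    findings = []
    home = prefs.get("browser.startup.homepage")
    if home is not None and home not in EXPECTED_HOMEPAGES:
        findings.append(("browser.startup.homepage", home, "homepage not in allow-list"))
    # The three search keys the OTL fix resets; any of them may be absent.
    for key in ("browser.search.defaultengine",
                "browser.search.defaultenginename",
                "browser.search.order.1"):
        engine = prefs.get(key)
        if engine is not None and engine not in EXPECTED_SEARCH_ENGINES:
            findings.append((key, engine, "search engine not in allow-list"))
    enabled = prefs.get("extensions.enabledItems", "")
    if isinstance(enabled, str):
        # Firefox 3.x format: "id:version, id:version, ..."
        for item in enabled.split(","):
            ext_id = item.strip().split(":")[0]
            if ext_id in SUSPECT_EXTENSION_IDS:
                findings.append(("extensions.enabledItems", ext_id,
                                 "known adware toolbar enabled"))
    return findings


def audit_prefs_text(text):
    """Convenience wrapper: parse then audit a prefs.js text."""
    return audit_prefs(parse_prefs(text))


if __name__ == "__main__":
    for name, value, reason in audit_prefs_text(SAMPLE_PREFS_JS):
        print(f"{name} = {value!r}: {reason}")
```

To run it against a real profile, pass the file contents to audit_prefs_text(); Firefox only rewrites prefs.js when it exits, so close the browser (or read a copy) first. The extensions.enabledItems preference is a Firefox 3.x-era setting, matching the version in this log; on a newer profile the search and homepage checks still apply but the toolbar check needs a different source.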
Hi,
OTL report:
http://www.cijoint.fr/cjlink.php?file=cj201109/cijU7r4u...
I have a problem with ComboFix: when I type your command in Run, it launches ComboFix and produces a report, but doesn't uninstall anything!
As for the purge, I'll do it as soon as everything is OK.
For the anti-virus, your tutorial doesn't recommend AVAST, so what do I do?
Otherwise, a BIG THANK YOU for the time you spent on me so generously, it's really appreciated, and my sincerest regards to everyone who keeps this site going and helps poor ignoramuses like us!
Marino