[Réglé] PC Possédé ! Cherche exorciste sympathique ! HELP!!!

pcscope · le 14 Aoû 2010 21:02

Bonjour à tous,

Depuis hier, j'ai de sérieux problèmes...
Hier, dans la journée, à plusieurs reprises, avira antivir m'a prévenu d'infections par cheval de Troie.
A chaque fois, j'ai cliqué sur "non autoriser l'accès" puis "mettre en quarantaine".
J'ai, ensuite, fait l'examen complet .
D'abord, il m'a trouvé 4 infections mais quand j'ai voulu "tout réparer",voici ce qu'il m'a dit:

"C:/Documents and settings/famille/Application data/ohydy.exe
Vous ne disposez probablement pas des droits nécessaires ou l'accès au fichier est verrouillé.
Assurez-vous que vous possédez des droits d'administrateur pour l'action souhaitée.
Contient le cheval de Troie:TR/Krytick.DD

C'est dingue parce que je suis la seule utilisatrice de ce PC qui est le mien !!! :evil:

Depuis lors, je n'arrive plus à faire fonctionner quoi que ce soit...Je n'ai plus accès à rien ni même à internet !..

J'ai message d'alerte sur message d'alerte qui me disent:

INFILTRATION ALERT

Your computer is being attacked by an internet virus.It could be a password stealing attack, a trojan, dropper or similar.

DETAILS

Attack from 191.209.4.219, port 21029
Attacked port: 59587
Threat: Win32/Nuqel.E

Do you want to block this attack?

Si je clique YES, Il m'envoie une fameuse pub pour un antivirus payant !...
Le problème c'est que contrairement à ce que vous dites dans un autre sujet, j'ai de vrais problèmes puisque plus rien ne fonctionne...

Je vous écris depuis l'ordi d'une amie...

Je suis vraiment coincée... :cry:

Quelqu'un pourrait-il prendre ce problème en main avec moi ??

Merci d'avance. :roll:

Del-crosseur · le 14 Aoû 2010 22:10

Aiie Aiie ... tu n'a plus du tout accès a Internet tu dit ??
comment a tu fais pour attraper cela ??

Je pense qu'un reformatage serais nécessaire ; mais répond a mes question !

jeanmimigab · le 14 Aoû 2010 22:27

hello les jeunes

comment ça un formatage ????

@Pcscope,

suis cette procédure stp....
viewtopic.php?f=19&t=51456

pour transférer les logiciels et rapports, utilise une clef USB....

A l'étape N°2 pour la citation à copier/coller dans OTL, tu créer un document texte que tu copiera sur ta clef USB et que tu ouvrira une fois copier sur le bureau du pc infecté :wink:

si tu ne comprend pas certaines choses, n'hésites pas a me le dire

@++

pcscope · le 15 Aoû 2010 11:49

Merci Jeanmimigab de venir à mon secours...

Je vais essayer de suivre la procédure en passant par le mode sans échec.
Ça risque juste de prendre un peu de temps vu les manips pour passer d'un PC à l'autre... :roll:

Juste un truc, la vaccination de la clef USB avec USBFix, à l'étape 1, c'est sur le PC infecté ou sur l'autre que je dois l'effectuer?
A tout à l'heure.... :wink:

jeanmimigab · le 15 Aoû 2010 11:56

hello,

à l'étape 1, c'est sur le PC infecté ou sur l'autre que je dois l'effectuer?

a faire en priorité sur le pc sain qui est destiné à recevoir d'éventuels documents....cela fait ton pc et ta clef USB (ou DD externe) seront protégés contre une éventuelle propagation d'infections "autorun" :wink:

Je vais essayer de suivre la procédure en passant par le mode sans échec.

essais si possible de le faire en mode normal (les processus infectieux seront plus facilement visible), mais si ça pose un soucis on se contentera du mode sans échec pour le scan :wink:

Ça risque juste de prendre un peu de temps

pas de soucis, prend ton temps :wink:

pcscope · le 15 Aoû 2010 20:30

Me voilà de retour Jeanmimigab. :-?

...

Désolé pour le retard mais je n'ai pas eu accès au pc de l'amie en question cet après midi vu qu'elle était sortie...

En réalité, je n'arrive à lancer aucun programme actuellement hors du mode sans échec.

Même la clef USB pose des problèmes.
Je dois chaque fois graver un cd pour le transfert de données.
C'est la seule chose que mon PC veut bien lire.

Sinon, j'ai effectué l'analyse avec OTL, voici le rapport:

Je t'écoute pour la suite... :roll:

Merci....

Code: Tout sélectionner: OTL logfile created on: 15/07/2010 20:54:56 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = G:\Documents Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy 511,00 Mb Total Physical Memory | 256,00 Mb Available Physical Memory | 50,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,27 Gb Total Space | 5,20 Gb Free Space | 13,94% Space Free | Partition Type: NTFS Drive D: | 23,59 Gb Total Space | 10,67 Gb Free Space | 45,22% Space Free | Partition Type: NTFS Drive E: | 13,65 Gb Total Space | 8,53 Gb Free Space | 62,45% Space Free | Partition Type: FAT32 Drive F: | 1,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,91 Gb Total Space | 1,90 Gb Free Space | 99,84% Space Free | Partition Type: FAT Drive H: | 5,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS I: Drive not present or media not loaded Computer Name: M Current User Name: Famille Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010/08/01 13:26:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- G:\Documents\OTL.exe PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2006/05/11 15:41:42 | 004,231,168 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\U3\0000156499600955\LaunchPad.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/08/01 13:26:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- G:\Documents\OTL.exe MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2009/11/14 13:48:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/08/02 21:37:45 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/08/02 01:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2006/08/02 01:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2006/08/02 01:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2002/09/19 23:41:02 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR) SRV - [2002/09/19 23:29:30 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch) SRV - [2002/09/19 23:27:06 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT) SRV - [2001/11/12 15:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WudfPf.sys -- (WudfPf) DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2009/12/19 20:22:01 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/12/18 00:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/03/27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs) DRV - [2008/04/13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008/04/13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2007/05/23 04:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007/05/11 03:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007/03/05 06:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007/03/05 05:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007/03/05 05:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007/03/05 05:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007/03/05 05:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2007/01/12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006/07/10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2006/07/05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006/06/29 20:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R) DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005/05/19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2005/01/14 18:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004/07/19 18:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2004/07/17 22:11:26 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/07/14 02:00:26 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004/02/27 00:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2004/01/20 23:56:56 | 000,077,925 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/01/20 23:56:30 | 001,086,853 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/01/20 23:55:34 | 000,619,369 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/01/20 23:54:54 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/12/05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/07/25 14:28:16 | 000,270,544 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2003/04/28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) DRV - [2001/11/14 20:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF) DRV - [2001/08/17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://www.google.be/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/25 01:48:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/24 16:56:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 20:34:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 22:09:23 | 000,000,000 | ---D | M] [2010/01/24 17:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions [2009/08/11 21:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/01/24 17:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2010/08/12 00:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\extensions [2010/04/05 18:06:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/04/02 20:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/24 22:09:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/07/24 22:09:11 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/07/24 22:09:11 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/01/24 16:56:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2010/07/24 22:09:15 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/07/01 22:05:31 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/01 22:05:31 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/01 22:05:31 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/07/01 22:05:31 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/07/01 22:05:31 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/01 22:05:31 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2010/04/09 15:19:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Reg Error: Value error. File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Bar] C:\Documents and Settings\Famille\Local Settings\temp\emrnocaxws.tmp (TODO: <Company name>) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PCMService] C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [qwnrpnpg] C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe () O4 - HKLM..\Run: [smekmrvy] C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKCU..\Run: [qwnrpnpg] C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe () O4 - HKCU..\Run: [smekmrvy] C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe () O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk = C:\BTGUARD\update_check.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092937461363 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll () O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Famille\Application Data\ohydy.exe) - C:\Documents and Settings\Famille\Application Data\ohydy.exe File not found O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Famille\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Famille\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/09/19 15:07:07 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/08/01 18:51:00 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ FAT ] O32 - AutoRun File - [2006/05/12 00:13:39 | 000,000,279 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2006/04/19 00:33:36 | 000,950,272 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/08/10 23:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Photos Houcine [2010/07/24 01:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Temp [2010/07/24 01:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Deployment [2010/07/15 19:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\U3 Décompressé [2010/07/15 02:14:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010/07/14 21:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\AFFAIRE VIRUS 14 JUILLET 2010 [2010/07/14 11:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql [2010/07/14 11:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh [2010/07/14 11:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Windows Server [2010/07/14 11:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79 [2010/07/13 19:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7 [2010/07/13 19:16:57 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\inst.exe [2010/07/13 19:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\PcSetup [2010/07/13 15:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\DVDFab [2004/01/01 17:10:25 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [172 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/08/12 10:46:03 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2917347797-3027105718-829246846-1008UA.job [2010/08/12 03:46:55 | 002,127,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/12 03:24:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/08/12 03:17:37 | 001,099,590 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/12 03:17:37 | 000,529,198 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/08/12 03:17:37 | 000,437,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/12 03:17:37 | 000,092,700 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/08/12 03:17:37 | 000,070,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/12 01:46:01 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2917347797-3027105718-829246846-1008Core.job [2010/08/11 15:52:35 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/08/11 15:52:34 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Google Chrome.lnk [2010/07/30 23:03:12 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job [2010/07/29 11:00:05 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/07/27 08:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010/07/26 18:45:33 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\inst.exe [2010/07/26 18:45:32 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Famille\Application Data\pcouffin.sys [2010/07/26 18:45:32 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.cat [2010/07/26 18:45:32 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.inf [2010/07/15 20:29:01 | 000,021,082 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat [2010/07/15 12:09:57 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2010/07/15 12:09:54 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/07/15 12:06:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/07/15 12:03:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/07/15 01:14:28 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Famille\NTUSER.DAT [2010/07/15 01:14:28 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Famille\ntuser.ini [2010/07/14 22:31:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/07/14 19:03:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/07/12 20:55:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job [2010/07/12 19:30:51 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/07 22:55:39 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010/07/02 21:13:57 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job [2010/07/02 15:04:16 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Adobe Photoshop CS4 (2).lnk [2010/06/30 14:32:14 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll [2010/06/24 14:17:24 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2010/06/24 14:17:24 | 003,600,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2010/06/24 14:17:24 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2010/06/24 14:17:24 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2010/06/24 14:17:24 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2010/06/24 14:17:24 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2010/06/24 14:17:24 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2010/06/24 14:17:24 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2010/06/24 14:17:24 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2010/06/24 14:17:24 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2010/06/24 14:17:24 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2010/06/24 14:17:24 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2010/06/24 14:17:24 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll [2010/06/24 14:17:24 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll [2010/06/24 14:17:24 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll [2010/06/24 14:17:24 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2010/06/24 14:17:24 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2010/06/24 14:17:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2010/06/24 14:17:24 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2010/06/24 14:17:24 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2010/06/24 14:17:24 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2010/06/24 14:17:24 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2010/06/24 14:17:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll [2010/06/24 14:17:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll [2010/06/24 14:17:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll [2010/06/24 14:17:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll [2010/06/24 14:17:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2010/06/24 14:17:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2010/06/24 14:17:23 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2010/06/24 14:17:23 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2010/06/24 14:17:23 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll [2010/06/24 14:17:23 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll [2010/06/24 14:17:23 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll [2010/06/24 14:17:23 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll [2010/06/24 14:17:23 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll [2010/06/24 14:17:23 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll [2010/06/24 14:17:23 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll [2010/06/24 14:17:23 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll [2010/06/24 14:17:23 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll [2010/06/24 14:17:23 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll [2010/06/24 14:17:23 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll [2010/06/24 14:17:23 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll [2010/06/24 14:17:23 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010/06/24 14:17:23 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll [2010/06/24 14:17:23 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll [2010/06/24 14:17:23 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll [2010/06/24 14:17:23 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll [2010/06/24 11:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2010/06/24 11:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2010/06/23 14:08:07 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2010/06/23 14:06:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2010/06/23 14:06:51 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2010/06/23 14:06:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe [2010/06/23 14:06:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe [2010/06/21 17:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010/06/18 15:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010/06/17 17:12:57 | 000,634,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe [2010/06/17 17:11:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll [2010/06/17 17:11:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll [2010/06/17 16:03:10 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll [172 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/07/24 01:44:00 | 000,002,343 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Google Chrome.lnk [2010/07/24 01:44:00 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/07/24 01:41:05 | 000,001,154 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2917347797-3027105718-829246846-1008UA.job [2010/07/24 01:41:04 | 000,001,102 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2917347797-3027105718-829246846-1008Core.job [2010/07/15 19:13:34 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\cleanup.exe [2010/07/15 12:09:57 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2010/07/12 20:55:26 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job [2010/07/02 21:13:56 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job [2010/07/02 15:04:16 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Adobe Photoshop CS4 (2).lnk [2010/01/28 14:36:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI [2009/10/23 15:17:48 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/10/23 15:17:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/10/21 11:59:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/08/26 15:17:21 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL [2009/08/10 21:03:27 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll [2009/01/03 17:36:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2008/05/26 23:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008/05/26 23:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008/05/26 23:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/03/26 22:25:56 | 000,002,210 | ---- | C] () -- C:\WINDOWS\coolmp3.ini [2006/09/17 16:07:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dprsx.dll [2006/09/17 16:07:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\gpvbd.dll [2006/09/17 16:07:08 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\AuthDVD.DLL [2006/07/28 23:46:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini [2006/07/28 20:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI [2006/07/28 20:33:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini [2006/07/28 20:33:16 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini [2006/07/28 20:30:00 | 000,009,973 | ---- | C] () -- C:\WINDOWS\COOL.INI [2005/04/11 23:11:13 | 000,011,270 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/02/27 19:10:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2005/02/27 19:10:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2005/01/08 12:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004/12/05 23:50:53 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2004/10/28 15:41:23 | 000,001,557 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2004/10/27 18:10:59 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpcsys.sys.bak [2004/09/19 16:53:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/09/19 14:48:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/09/01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004/08/20 12:30:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini [2004/08/19 23:58:38 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/08/19 20:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2004/08/19 19:30:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2004/08/19 17:37:22 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/08/19 17:08:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2004/08/19 17:06:44 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2004/08/19 17:00:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004/08/19 15:56:42 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/19 15:44:08 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/01/14 07:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2004/01/01 17:10:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004/01/01 17:03:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2004/01/01 16:54:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2003/06/20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\mdm.exe [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/05 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Changer.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/05 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/05 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/05 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2004/08/05 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\dllcache\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\RDPWD.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:Sfloppy.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/05 14:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\dllcache\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:splitter.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys [2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys [2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/05 14:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\dllcache\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\TDPIPE.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\dllcache\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004/08/05 14:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbprint.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 19:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys [2008/04/13 19:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbscan.sys [2009/01/05 11:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004/08/03 23:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

jeanmimigab · le 15 Aoû 2010 20:42

wow, tu es méchamment infecté, je te prépare un script OTL et une liste de tool dont nous auront besoin et que tu graveras sur un CD (ça évitera que tu en grave un boite complète :lol:

)

@++

pcscope · le 15 Aoû 2010 20:52

Bein ouais... :cry:

Merci de ta compréhension...

A très + :-?

jeanmimigab · le 15 Aoû 2010 21:54

ok, c'est partis

le dropper de l'infection c'est installé au moment où tu as installé DVDFab7 le 13 juillet

Première étape: création du CD

Commence par télécharger tous ces outils/programmes...

Rkill COM http://download.bleepingcomputer.com/grinler/rkill.com
WinsockXPFix http://www.snapfiles.com/download/dlwinsockxpfix.html
Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Antivir http://dlce.antivir.com/down/windows/an ... u_fr_h.exe

ensuite...
copier et colle le contenu de cette citation ci-dessous dans un document.txt que tu graveras sur ton CD.

:Files
C:\Documents and Settings\Famille\Application Data\inst.exe
C:\Documents and Settings\Famille\Local Settings\temp\emrnocaxws.tmp
C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe
C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql
C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh
C:\mdm.exe

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM\..\Run: [Bar] C:\Documents and Settings\Famille\Local Settings\temp\emrnocaxws.tmp (TODO: <Company name>)
O4 - HKLM\..\Run: [qwnrpnpg] C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe ()
O4 - HKLM\..\Run: [smekmrvy] C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe ()
O4 - HKCU\..\Run: [qwnrpnpg] C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe ()
O4 - HKCU\..\Run: [smekmrvy] C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Famille\Application Data\ohydy.exe) - C:\Documents and Settings\Famille\Application Data\ohydy.exe File not found
O32 - AutoRun File - [2004/09/19 15:07:07 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/01 18:51:00 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/05/12 00:13:39 | 000,000,279 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\WINDOWS\system32\userinit.exe,"

:commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[clearallrestorepoints]
[createrestorepoint]
[reboot]

suite de la procédure:

copier le contenu du CD sur le bureau du pc infecté et retire le CD du lecteur.

Déconnecte "physiquement" (débranche le cable réseaux ou désactive le wifi)

Ensuite a faire impérativement dans l'ordre....

1. fais un double sur RKill.com pour le lancer, Une fenêtre (très rapide) indiquera que tout s'est bien déroulé.

2. ouvre le document.txt dans lequel tu as copié le script OTL...

3.fais cela...

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue du document.txt que tu as crées et ouvert dans la partie inférieure d'OTL "Personnalisation"

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt" , enregistre le sur ton bureau.
* le pc risque de redémarrer, laisse faire OTL....

Fais un double-clic sur l'icône de combofix et suis les instructions....

à la fin du scan combofix, enregistre le rapport combofix.txt sur ton bureau....

4. -Fais un double-clic sur l'icône de WinsockFix.exe
- Clique sur le bouton " Fix"
- Redémarre ton PC et réessaie ta connexion internet.

Reconnecte ton pc à internet (par câble ou wifi) ,et dit moi si tu as récupérer ta connexion internet sur ce PC :wink:

bon courage

pcscope · le 16 Aoû 2010 12:58

Voilà les nouvelles : Ça a été un vrai calvaire rien que pour transmettre les fichiers et programmes d'une machine à l'autre :evil:

mais ça avance...

J'ai scrupuleusement suivi tes instructions et te communique les rapports.
Voici la situation:

1 : Je n'ai plus de messages intempestifs d'infection ni de proposition d'achat d'antivirus payant.
Le système est beaucoup plus stable.Plus de fenêtres pop up...

2 : Je peux atteindre et mettre en route les différents programmes (word; windows media player; power dvd ...)
Il est possible maintenant d'installer ou désinstaller des programmes.Antivir fonctionne...et tout ça en mode normal !

Seule ombre au tableau: Si la connexion internet se fait (ordinateur en ligne), impossible d'ouvrir quelque page que ce soit. Ni via mozilla ni via google. Internet explorer semble ne pas être sorti indemne. Antivir non plus n'arrive pas à se mettre à jour.

Voilà le message qui s'indique sur la page:
"La connexion a été refusée par le serveur proxy
Firefox est configuré pour utiliser un serveur proxy mais celui-ci n'accepte pas les connexions."

A titre d'information, OTL m'a fait remarquer que mon horloge était erronée d'un mois (juillet au lieu d'aout).J'ai fait la correction(l'infection pourrait donc être plus récente que tu le pensais...
Ceci dit, l'installation de dvdfab date bien d' il y a un mois. Je l'avais désinstallé presque instantanément suite à des problèmes....

J'attends de tes nouvelles mais quoi qu'il en soit déjà un grand merci pour la route effectuée !....

On revient de loin. :roll:

Code: Tout sélectionner: All processes killed ========== FILES ========== C:\Documents and Settings\Famille\Application Data\inst.exe moved successfully. C:\Documents and Settings\Famille\Local Settings\temp\emrnocaxws.tmp moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe moved successfully. File\Folder C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe not found. File\Folder C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe not found. C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql folder moved successfully. C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh folder moved successfully. C:\mdm.exe moved successfully. ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Page_Transitions| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Documents and Settings\Famille\Local Settings\temp\emrnocaxws.tmp not found. Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe not found. Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe not found. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Documents and Settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe not found. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Documents and Settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully. File Protocol\Handler\ipp - No CLSID value found not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully. File Protocol\Handler\msdaipp - No CLSID value found not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\Famille\Application Data\ohydy.exe deleted successfully. C:\AUTOEXEC.BAT moved successfully. File not found. File H:\autorun.inf not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"UserInit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users

Rapport Combo fix

Code: Tout sélectionner: ComboFix 10-08-15.01 - Famille 16/08/2010 11:43:05.5.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.46 [GMT 2:00] Lancé depuis: c:\documents and settings\Famille\Bureau\Outils pour désinfect\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Famille\Local Settings\Application Data\Windows Server c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\admin.txt c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\flags.ini c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\server.dat c:\documents and settings\Famille\Local Settings\Application Data\Windows Server\uses32.dat c:\documents and settings\Famille\Recent\Thumbs.db c:\windows\system\Color Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\explorer.exe Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\winlogon.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-07-16 au 2010-08-16 )))))))))))))))))))))))))))))))))))) . 2010-07-23 23:41 . 2010-08-11 13:50 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\Temp 2010-07-23 23:40 . 2010-07-23 23:40 -------- d-----w- c:\documents and settings\Famille\Local Settings\Application Data\Deployment . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-12 01:17 . 2004-08-19 21:58 92700 ----a-w- c:\windows\system32\perfc00C.dat 2010-08-12 01:17 . 2004-08-19 21:58 529198 ----a-w- c:\windows\system32\perfh00C.dat 2010-07-26 16:45 . 2010-07-13 17:19 -------- d-----w- c:\program files\DVDFab 7 2010-07-26 16:45 . 2009-10-23 12:31 -------- d-----w- c:\documents and settings\Famille\Application Data\Vso 2010-07-26 16:45 . 2009-10-23 12:31 47360 ----a-w- c:\documents and settings\Famille\Application Data\pcouffin.sys 2010-07-21 22:55 . 2010-01-24 15:02 -------- d-----w- c:\documents and settings\Famille\Application Data\LimeWire 2010-07-16 09:23 . 2004-10-27 15:54 21260 ----a-w- c:\documents and settings\Famille\Application Data\wklnhst.dat 2010-07-15 11:43 . 2005-04-11 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2010-07-15 10:09 . 2010-03-02 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-14 09:52 . 2010-07-14 09:51 -------- d-----w- c:\documents and settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79 2010-07-13 17:19 . 2009-10-23 12:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-07-13 17:17 . 2010-01-28 12:59 -------- d-----w- c:\program files\DVDFab 6 2010-06-30 12:32 . 2004-08-19 21:57 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:17 . 2004-08-19 21:58 832512 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 12:17 . 2004-08-19 21:57 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-06-24 12:17 . 2004-08-19 21:57 17408 ----a-w- c:\windows\system32\corpol.dll 2010-06-24 09:02 . 2004-08-19 21:58 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-08-19 21:58 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-19 21:57 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 07:42 . 2004-08-19 21:57 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-05-21 12:14 . 2009-10-17 13:37 221568 ------w- c:\windows\system32\MpSigStub.exe 2009-11-18 18:19 . 2009-11-18 18:13 2693555 ----a-w- c:\program files\btguard-1-00.exe 2005-04-09 13:17 . 2005-04-09 13:17 1573 ----a-w- c:\program files\qsetup.html 2006-08-03 22:22 . 2005-04-11 21:11 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] "Google Update"="c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-23 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2004-07-26 49152] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2004-07-26 204800] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2004-08-06 73728] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-25 110592] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-25 618496] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 339968] "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2004-09-09 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-11 282624] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 149280] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\documents and settings\Famille\Menu D‚marrer\Programmes\D‚marrage\ BTGuard Updates.lnk - c:\btguard\update_check.bat [2009-5-1 60] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2009-12-23 233472] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmjb.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Tiscali\\Tiscali Internet\\Tiscali Inet.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\BTGUARD\\uTorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Bluetooth\\BlueSoleil\\BlueSoleil.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4 "19129:TCP"= 19129:TCP:UTorrent R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5/07/2006 14:46 63352] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [3/03/2010 1:37 108289] S3 CA_LIC_CLNT;Client de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [19/09/2002 23:27 77824] S3 CA_LIC_SRVR;Serveur de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [19/09/2002 23:41 77824] S3 MEMSWEEP2;MEMSWEEP2; [x] . Contenu du dossier 'Tâches planifiées' 2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917347797-3027105718-829246846-1008Core.job - c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 23:40] 2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2917347797-3027105718-829246846-1008UA.job - c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 23:40] 2010-08-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] 2010-07-12 c:\windows\Tasks\switchShakeIcon.job - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-03-23 13:23] 2010-07-30 c:\windows\Tasks\wavepadDowngrade.job - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-23 13:24] 2010-07-02 c:\windows\Tasks\wavepadShakeIcon.job - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-03-23 13:24] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &eBay Search IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Translate this web page with Babylon IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm FF - ProfilePath - c:\documents and settings\Famille\Application Data\Mozilla\Firefox\Profiles\o5iwgn3a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - plugin: c:\documents and settings\Famille\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\utilitaires\RealPlayer8\Netscape6\nppl3260.dll FF - plugin: c:\utilitaires\RealPlayer8\Netscape6\nprjplug.dll FF - plugin: c:\utilitaires\RealPlayer8\Netscape6\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-smekmrvy - c:\documents and settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe HKCU-Run-qwnrpnpg - c:\documents and settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe HKLM-Run-smekmrvy - c:\documents and settings\Famille\Local Settings\Application Data\qnfjtgtoh\cbkswtfshdw.exe HKLM-Run-qwnrpnpg - c:\documents and settings\Famille\Local Settings\Application Data\cocithuql\cbretmushdw.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-16 11:57 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3968) c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Windows Defender\MsMpEng.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\SearchIndexer.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE . ************************************************************************** . Heure de fin: 2010-08-16 12:12:02 - La machine a redémarré ComboFix-quarantined-files.txt 2010-08-16 10:11 Avant-CF: 8.482.287.616 octets libres Après-CF: 8.471.117.824 octets libres - - End Of File - - 5AF45F50B91525B1C5623D7EF850ABC5

A très +

jeanmimigab · le 16 Aoû 2010 13:44

c'est déjà mieux !

on va essayer de réparer ta connexion avant de poursuivre pour que ça soit plus pratique... :wink:

Fais cela stp...

o Dans Firefox Menu "outils" > "options".
o Cliques sur en haut à droite sur "Avancé" > "onglet "réseau" > à la rubrique "connexions",cliques sur paramètres.
o Vérifie que "pas de proxy" soit bien cochée.
o Fermes les fenêtre en cliquant sur "OK".

ensuite...

o Ouvres Internet Explorer,cliques sur le menu "Outils" > "Options Internet".
o A l'onglet "Connexions" > cliques en bas à droite sur "paramètres réseaux".
o Si la case "utiliser un serveur proxi pour votre réseau local" est cochée,décoches la...
o Quittes les fenêtre par "OK" et "Appliquer".

Redémarre l'ordinateur

ensuite si toujours des problèmes...relance WinsokXPFix et redémarre à nouveau ton ordinateur...

dit moi si il y a du mieux après tout ça :wink:

pcscope · le 16 Aoû 2010 14:21

WAOW !!!

!!!!Ça marche !!!

T'es un as !!!

Si tu savais comme ça me fait plaisir.....

Je n'ai pas eu à réutiliser WinsokXPFix.

Antivir s'est mis aussi à jour.... :wink:

Que penses tu que je dois faire maintenant ?

jeanmimigab · le 16 Aoû 2010 15:19

doucement, j'ai mal aux cheville là :lol:

c'est cool :wink:

refait un scan OTL comme tu l'as fais la première fois et poste le rapport car il reste des crasses

est ce que tes ports USB re-fonctionnent ?

pcscope · le 16 Aoû 2010 16:31

Désolé pour tes chevilles... chacun son talon d'achille ! :lol:

Sinon l'analyse OTL, en rapport standard ?

Avec ou sans script de personnalisation ? :wink:

jeanmimigab · le 16 Aoû 2010 16:35

pcscope a écrit:Désolé pour tes chevilles... chacun son talon d'achille !

Sinon l'analyse OTL, en rapport standard ?

Avec ou sans script de personnalisation ?

Avec le script, exactement comme tu l'as fais la première fois en suivant la procédure :wink:

viewtopic.php?f=19&t=51456

[Réglé] PC Possédé ! Cherche exorciste sympathique ! HELP!!!

[Réglé] PC Possédé ! Cherche exorciste sympathique ! HELP!!!

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Re: ** PC Possédé ! Cherche exorciste sympathique ! HELP!!!*

Sujets similaires

Qui est en ligne