Comment supprimer un rootkit physical drive
Fermé
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
-
16 févr. 2011 à 00:37
Utilisateur anonyme - 2 avril 2011 à 03:51
Utilisateur anonyme - 2 avril 2011 à 03:51
A voir également:
- Comment supprimer un rootkit physical drive
- Comment supprimer une page sur word - Guide
- Supprimer compte instagram - Guide
- Comment recuperer un message supprimé sur whatsapp - Guide
- Comment supprimer un compte gmail - Guide
- Supprimer one drive - Guide
37 réponses
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
18 févr. 2011 à 20:26
18 févr. 2011 à 20:26
Et bien j'ai cure, mais ce la ne change rien le virus et toujours là, j'ai recommencer deux fois mais rien n'y fait, j'ai aussi redemarrer mon pc a chaque fois biensur, mais cela ne change rien d'ailleur quand il se rallume l'ordi se lance dans la reparation de demarrage windows a chaque fois et cela depuis que j'ai essayer de l'effacer !! Auriez vous une idée de se que je doit faire !!!
Utilisateur anonyme
18 févr. 2011 à 21:22
18 févr. 2011 à 21:22
/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\
__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur
Telecharge ici : Combofix
Avant d'utiliser ComboFix :
Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur combofix renommé
¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 10:01
13 mars 2011 à 10:01
Desoler j'ai mis du temps avant de vous repondre le travaille ma pris de cours.
J'ai fait se que vous m'avez dit je vous colle le rapport qui est apparue a la fin sur combofix
ComboFix 11-03-12.01 - Lolo 13/03/2011 9:29.1.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.904 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Downloads\ComboFix.exe
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lolo\AppData\Roaming\AntiVirus 2010
c:\users\Lolo\AppData\Roaming\WhereSphere
c:\users\Lolo\AppData\Roaming\WhereSphere\config.cfg
c:\users\Lolo\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 08:42 . 2011-03-13 08:47 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-13 08:42 . 2011-03-13 08:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-18 17:32 . 2011-02-02 16:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48C382E4-26E4-45EF-B541-0D40565F2CDC}\mpengine.dll
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-14 17:51 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-12 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{F0A37341-D692-11D4-A984-009027EC0A9C} - c:\program files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3572)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Heure de fin: 2011-03-13 09:54:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-13 08:53
.
Avant-CF: 134 128 775 168 octets libres
Après-CF: 134 470 795 264 octets libres
.
- - End Of File - - E1A3675C92304167E5540E5FD198C973
J'ai fait se que vous m'avez dit je vous colle le rapport qui est apparue a la fin sur combofix
ComboFix 11-03-12.01 - Lolo 13/03/2011 9:29.1.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.904 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Downloads\ComboFix.exe
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lolo\AppData\Roaming\AntiVirus 2010
c:\users\Lolo\AppData\Roaming\WhereSphere
c:\users\Lolo\AppData\Roaming\WhereSphere\config.cfg
c:\users\Lolo\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 08:42 . 2011-03-13 08:47 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-13 08:42 . 2011-03-13 08:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-18 17:32 . 2011-02-02 16:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48C382E4-26E4-45EF-B541-0D40565F2CDC}\mpengine.dll
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-14 17:51 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-12 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{F0A37341-D692-11D4-A984-009027EC0A9C} - c:\program files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3572)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Heure de fin: 2011-03-13 09:54:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-13 08:53
.
Avant-CF: 134 128 775 168 octets libres
Après-CF: 134 470 795 264 octets libres
.
- - End Of File - - E1A3675C92304167E5540E5FD198C973
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 13:39
13 mars 2011 à 13:39
comment ça ? je doit faire quoi alors ??
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 13:40
13 mars 2011 à 13:40
j'ai pourtant suivis a la lettre le message que tu m'a envoyer !!!
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
13 mars 2011 à 13:52
13 mars 2011 à 13:52
IL VEUT TE DIRE QUE TU NE L AS PAS RENOMMé combo fix avant de le telecharger et aussi mais ce n est pas indique(je crois) c est que combo fix doit se situer sur ton bureau lorsque tu lances le scan.
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 14:16
13 mars 2011 à 14:16
oK d'accord je vais relancer le scan tout de suite en installant cette fois combo directement sur mon bureau merci beaucoup
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 15:05
13 mars 2011 à 15:05
Et voici le rapport Combofix.txt
ComboFix 11-03-12.01 - Lolo 13/03/2011 14:28:47.2.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.833 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 13:41 . 2011-03-13 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 13:26 . 2011-03-13 13:27 -------- d-----w- C:\32788R22FWJFW
2011-03-13 09:06 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF469371-68B2-4F03-871D-582C1D7F8437}\mpengine.dll
2011-03-13 08:42 . 2011-03-13 13:41 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-14 17:51 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-12 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 14:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'Explorer.exe'(5368)
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Heure de fin: 2011-03-13 14:45:07
ComboFix-quarantined-files.txt 2011-03-13 13:45
ComboFix2.txt 2011-03-13 08:54
.
Avant-CF: 130 688 692 224 octets libres
Après-CF: 130 658 848 768 octets libres
.
- - End Of File - - 9571D68C735367A57F156DADABECDF1E
ComboFix 11-03-12.01 - Lolo 13/03/2011 14:28:47.2.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.833 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 13:41 . 2011-03-13 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 13:26 . 2011-03-13 13:27 -------- d-----w- C:\32788R22FWJFW
2011-03-13 09:06 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF469371-68B2-4F03-871D-582C1D7F8437}\mpengine.dll
2011-03-13 08:42 . 2011-03-13 13:41 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-14 17:51 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-12 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 14:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\System32\APSHook.dll
.
- - - - - - - > 'Explorer.exe'(5368)
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Heure de fin: 2011-03-13 14:45:07
ComboFix-quarantined-files.txt 2011-03-13 13:45
ComboFix2.txt 2011-03-13 08:54
.
Avant-CF: 130 688 692 224 octets libres
Après-CF: 130 658 848 768 octets libres
.
- - End Of File - - 9571D68C735367A57F156DADABECDF1E
Utilisateur anonyme
13 mars 2011 à 17:39
13 mars 2011 à 17:39
qu'est-ce-qui lui arrive à cette Dll ?
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
c:\windows\System32\APSHook.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
c:\windows\System32\APSHook.dll
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 17:54
13 mars 2011 à 17:54
je doit faire analyser sur se site juste le liens
c:\windows\System32\APSHook.dll
ou tout les fichier qui se trouve dans system 32 et il n'y en a pas qu'un peu
c:\windows\System32\APSHook.dll
ou tout les fichier qui se trouve dans system 32 et il n'y en a pas qu'un peu
totobetourne
Messages postés
5592
Date d'inscription
dimanche 23 mars 2008
Statut
Membre
Dernière intervention
6 juin 2012
65
13 mars 2011 à 18:03
13 mars 2011 à 18:03
a ton avis, réflechis un peu .qu est ce qui est écrit ?
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 19:49
13 mars 2011 à 19:49
j'espere que c sa
http://www.virustotal.com/file-scan/report.html?id=78a96c7c37dc9f37eec81e06c0b099b37a838cda2863ef0064e0ce6a60605283-1300035866
http://www.virustotal.com/file-scan/report.html?id=78a96c7c37dc9f37eec81e06c0b099b37a838cda2863ef0064e0ce6a60605283-1300035866
Utilisateur anonyme
13 mars 2011 à 20:21
13 mars 2011 à 20:21
__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------
Toujours avec toutes les protections désactivées, fais ceci :
▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :
----------------------------------------------------------
KillAll::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"SunJavaUpdateSched"=-
"HP Software Update"=-
"QuickTime Task"=-
"iTunesHelper"=-
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
------------------------------------------------------------------
▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes
▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix
▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 21:13
13 mars 2011 à 21:13
je fait sa tout de suite merci beaucoup !!!
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
13 mars 2011 à 21:44
13 mars 2011 à 21:44
voici le rapport
ComboFix 11-03-12.01 - Lolo 13/03/2011 21:19:40.3.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.1010 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lolo\Desktop\CFScript.txt.lnk
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 20:30 . 2011-03-13 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 09:06 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF469371-68B2-4F03-871D-582C1D7F8437}\mpengine.dll
2011-03-13 08:42 . 2011-03-13 20:30 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-14 17:51 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 21:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4644)
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Heure de fin: 2011-03-13 21:33:39
ComboFix-quarantined-files.txt 2011-03-13 20:33
ComboFix2.txt 2011-03-13 13:45
ComboFix3.txt 2011-03-13 08:54
.
Avant-CF: 130 713 485 312 octets libres
Après-CF: 130 684 121 088 octets libres
.
- - End Of File - - 8E0041898CD2E32113FE41EB861EE285
ComboFix 11-03-12.01 - Lolo 13/03/2011 21:19:40.3.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.1010 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lolo\Desktop\CFScript.txt.lnk
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-13 au 2011-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-13 20:30 . 2011-03-13 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-13 09:06 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF469371-68B2-4F03-871D-582C1D7F8437}\mpengine.dll
2011-03-13 08:42 . 2011-03-13 20:30 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-14 17:51 . 2010-12-14 17:51 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-14 17:51 . 2010-12-14 17:51 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-13 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 21:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4644)
c:\windows\system32\btmmhook.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Heure de fin: 2011-03-13 21:33:39
ComboFix-quarantined-files.txt 2011-03-13 20:33
ComboFix2.txt 2011-03-13 13:45
ComboFix3.txt 2011-03-13 08:54
.
Avant-CF: 130 713 485 312 octets libres
Après-CF: 130 684 121 088 octets libres
.
- - End Of File - - 8E0041898CD2E32113FE41EB861EE285
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
14 mars 2011 à 21:12
14 mars 2011 à 21:12
Mon ordi peut s'en tirer a votre avis ??
Utilisateur anonyme
14 mars 2011 à 21:14
14 mars 2011 à 21:14
refais un rapport de TDSSKILLEr
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
14 mars 2011 à 22:37
14 mars 2011 à 22:37
Je fait sa tout de suite
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
14 mars 2011 à 22:40
14 mars 2011 à 22:40
et voici le rapport de tdsskiller
2011/03/14 22:38:26.0068 5108 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/03/14 22:38:30.0405 5108 ================================================================================
2011/03/14 22:38:30.0405 5108 SystemInfo:
2011/03/14 22:38:30.0405 5108
2011/03/14 22:38:30.0405 5108 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/14 22:38:30.0405 5108 Product type: Workstation
2011/03/14 22:38:30.0405 5108 ComputerName: PC-DE-LOLO
2011/03/14 22:38:30.0421 5108 UserName: Lolo
2011/03/14 22:38:30.0421 5108 Windows directory: C:\windows
2011/03/14 22:38:30.0421 5108 System windows directory: C:\windows
2011/03/14 22:38:30.0421 5108 Processor architecture: Intel x86
2011/03/14 22:38:30.0421 5108 Number of processors: 1
2011/03/14 22:38:30.0421 5108 Page size: 0x1000
2011/03/14 22:38:30.0421 5108 Boot type: Normal boot
2011/03/14 22:38:30.0421 5108 ================================================================================
2011/03/14 22:38:30.0873 5108 Initialize success
2011/03/14 22:38:34.0508 5720 ================================================================================
2011/03/14 22:38:34.0508 5720 Scan started
2011/03/14 22:38:34.0508 5720 Mode: Manual;
2011/03/14 22:38:34.0508 5720 ================================================================================
2011/03/14 22:38:35.0194 5720 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/03/14 22:38:35.0303 5720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
2011/03/14 22:38:35.0397 5720 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys
2011/03/14 22:38:35.0491 5720 ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
2011/03/14 22:38:35.0569 5720 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
2011/03/14 22:38:35.0631 5720 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
2011/03/14 22:38:35.0709 5720 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
2011/03/14 22:38:35.0756 5720 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
2011/03/14 22:38:35.0865 5720 AFD (a201207363aa900abf1a388468688570) C:\windows\system32\drivers\afd.sys
2011/03/14 22:38:36.0005 5720 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\windows\system32\DRIVERS\AGRSM.sys
2011/03/14 22:38:36.0115 5720 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
2011/03/14 22:38:36.0177 5720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
2011/03/14 22:38:36.0255 5720 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
2011/03/14 22:38:36.0317 5720 amdagp (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
2011/03/14 22:38:36.0380 5720 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
2011/03/14 22:38:36.0458 5720 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
2011/03/14 22:38:36.0536 5720 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
2011/03/14 22:38:36.0692 5720 arc (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
2011/03/14 22:38:36.0754 5720 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
2011/03/14 22:38:36.0910 5720 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys
2011/03/14 22:38:37.0019 5720 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys
2011/03/14 22:38:37.0097 5720 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys
2011/03/14 22:38:37.0175 5720 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys
2011/03/14 22:38:37.0269 5720 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys
2011/03/14 22:38:37.0331 5720 AsyncMac (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
2011/03/14 22:38:37.0409 5720 atapi (2d9c903dc76a66813d350a562de40ed9) C:\windows\system32\drivers\atapi.sys
2011/03/14 22:38:37.0581 5720 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/03/14 22:38:37.0721 5720 BCM43XX (3f5e7621cdf6867d3d8417d13a098277) C:\windows\system32\DRIVERS\bcmwl6.sys
2011/03/14 22:38:37.0846 5720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
2011/03/14 22:38:37.0955 5720 blbdrive (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
2011/03/14 22:38:38.0080 5720 bowser (74b442b2be1260b7588c136177ceac66) C:\windows\system32\DRIVERS\bowser.sys
2011/03/14 22:38:38.0158 5720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
2011/03/14 22:38:38.0252 5720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
2011/03/14 22:38:38.0345 5720 Brserid (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
2011/03/14 22:38:38.0423 5720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
2011/03/14 22:38:38.0517 5720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
2011/03/14 22:38:38.0595 5720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
2011/03/14 22:38:38.0689 5720 BthEnum (6d39c954799b63ba866910234cf7d726) C:\windows\system32\DRIVERS\BthEnum.sys
2011/03/14 22:38:38.0767 5720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\windows\system32\drivers\bthmodem.sys
2011/03/14 22:38:38.0876 5720 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\windows\system32\DRIVERS\bthpan.sys
2011/03/14 22:38:38.0985 5720 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\windows\system32\Drivers\BTHport.sys
2011/03/14 22:38:39.0141 5720 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\windows\system32\Drivers\BTHUSB.sys
2011/03/14 22:38:39.0281 5720 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\windows\system32\drivers\btwaudio.sys
2011/03/14 22:38:39.0359 5720 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\windows\system32\drivers\btwavdt.sys
2011/03/14 22:38:39.0453 5720 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\windows\system32\DRIVERS\btwrchid.sys
2011/03/14 22:38:39.0640 5720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
2011/03/14 22:38:39.0734 5720 cdrom (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
2011/03/14 22:38:39.0812 5720 circlass (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
2011/03/14 22:38:39.0890 5720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
2011/03/14 22:38:39.0999 5720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
2011/03/14 22:38:40.0077 5720 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
2011/03/14 22:38:40.0155 5720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
2011/03/14 22:38:40.0217 5720 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
2011/03/14 22:38:40.0280 5720 Crusoe (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
2011/03/14 22:38:40.0420 5720 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\windows\system32\drivers\csc.sys
2011/03/14 22:38:40.0545 5720 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\windows\system32\Drivers\dfsc.sys
2011/03/14 22:38:40.0654 5720 disk (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
2011/03/14 22:38:40.0810 5720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
2011/03/14 22:38:40.0904 5720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\windows\System32\drivers\dxgkrnl.sys
2011/03/14 22:38:41.0013 5720 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
2011/03/14 22:38:41.0122 5720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
2011/03/14 22:38:41.0247 5720 elxstor (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
2011/03/14 22:38:41.0341 5720 ErrDev (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
2011/03/14 22:38:41.0465 5720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
2011/03/14 22:38:41.0543 5720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
2011/03/14 22:38:41.0668 5720 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
2011/03/14 22:38:41.0762 5720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
2011/03/14 22:38:41.0824 5720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
2011/03/14 22:38:41.0902 5720 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
2011/03/14 22:38:41.0965 5720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
2011/03/14 22:38:42.0058 5720 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
2011/03/14 22:38:42.0136 5720 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
2011/03/14 22:38:42.0230 5720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/14 22:38:42.0386 5720 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\windows\system32\DRIVERS\cpqbttn.sys
2011/03/14 22:38:42.0495 5720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
2011/03/14 22:38:42.0604 5720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/03/14 22:38:42.0713 5720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
2011/03/14 22:38:42.0760 5720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
2011/03/14 22:38:42.0869 5720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
2011/03/14 22:38:42.0963 5720 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
2011/03/14 22:38:43.0057 5720 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/03/14 22:38:43.0181 5720 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/03/14 22:38:43.0291 5720 HTTP (f870aa3e254628ebeafe754108d664de) C:\windows\system32\drivers\HTTP.sys
2011/03/14 22:38:43.0384 5720 i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
2011/03/14 22:38:43.0462 5720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
2011/03/14 22:38:43.0571 5720 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\windows\system32\drivers\iastor.sys
2011/03/14 22:38:43.0634 5720 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
2011/03/14 22:38:43.0821 5720 igfx (d97e70e4e243c9660f91c1112e36c73b) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/03/14 22:38:43.0961 5720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
2011/03/14 22:38:44.0055 5720 intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
2011/03/14 22:38:44.0102 5720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
2011/03/14 22:38:44.0164 5720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/03/14 22:38:44.0305 5720 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
2011/03/14 22:38:44.0398 5720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
2011/03/14 22:38:44.0507 5720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
2011/03/14 22:38:44.0570 5720 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
2011/03/14 22:38:44.0648 5720 iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
2011/03/14 22:38:44.0757 5720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
2011/03/14 22:38:44.0819 5720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
2011/03/14 22:38:44.0882 5720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/03/14 22:38:44.0975 5720 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
2011/03/14 22:38:45.0053 5720 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
2011/03/14 22:38:45.0225 5720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
2011/03/14 22:38:45.0334 5720 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
2011/03/14 22:38:45.0397 5720 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
2011/03/14 22:38:45.0443 5720 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
2011/03/14 22:38:45.0490 5720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
2011/03/14 22:38:45.0599 5720 megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
2011/03/14 22:38:45.0662 5720 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
2011/03/14 22:38:45.0740 5720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
2011/03/14 22:38:45.0802 5720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
2011/03/14 22:38:45.0896 5720 mouclass (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
2011/03/14 22:38:45.0974 5720 mouhid (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
2011/03/14 22:38:46.0036 5720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
2011/03/14 22:38:46.0114 5720 mpio (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
2011/03/14 22:38:46.0177 5720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
2011/03/14 22:38:46.0270 5720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
2011/03/14 22:38:46.0364 5720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
2011/03/14 22:38:46.0442 5720 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/03/14 22:38:46.0520 5720 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/03/14 22:38:46.0598 5720 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/03/14 22:38:46.0660 5720 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\windows\system32\drivers\msahci.sys
2011/03/14 22:38:46.0723 5720 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
2011/03/14 22:38:46.0832 5720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
2011/03/14 22:38:46.0894 5720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
2011/03/14 22:38:47.0003 5720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
2011/03/14 22:38:47.0066 5720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/03/14 22:38:47.0128 5720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
2011/03/14 22:38:47.0206 5720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
2011/03/14 22:38:47.0300 5720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
2011/03/14 22:38:47.0393 5720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
2011/03/14 22:38:47.0471 5720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
2011/03/14 22:38:47.0534 5720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
2011/03/14 22:38:47.0627 5720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
2011/03/14 22:38:47.0752 5720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
2011/03/14 22:38:47.0815 5720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
2011/03/14 22:38:47.0893 5720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/03/14 22:38:47.0955 5720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
2011/03/14 22:38:48.0080 5720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
2011/03/14 22:38:48.0158 5720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
2011/03/14 22:38:48.0267 5720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
2011/03/14 22:38:48.0361 5720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
2011/03/14 22:38:48.0454 5720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
2011/03/14 22:38:48.0532 5720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
2011/03/14 22:38:48.0626 5720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
2011/03/14 22:38:48.0688 5720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
2011/03/14 22:38:48.0735 5720 nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
2011/03/14 22:38:48.0891 5720 nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
2011/03/14 22:38:48.0969 5720 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
2011/03/14 22:38:49.0406 5720 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\windows\system32\drivers\ohci1394.sys
2011/03/14 22:38:49.0515 5720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\windows\system32\drivers\parport.sys
2011/03/14 22:38:49.0577 5720 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
2011/03/14 22:38:49.0655 5720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\windows\system32\drivers\parvdm.sys
2011/03/14 22:38:49.0796 5720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
2011/03/14 22:38:49.0889 5720 pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
2011/03/14 22:38:49.0983 5720 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
2011/03/14 22:38:50.0092 5720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
2011/03/14 22:38:50.0279 5720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
2011/03/14 22:38:50.0357 5720 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\drivers\processr.sys
2011/03/14 22:38:50.0482 5720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
2011/03/14 22:38:50.0576 5720 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys
2011/03/14 22:38:50.0669 5720 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
2011/03/14 22:38:50.0794 5720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
2011/03/14 22:38:50.0872 5720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
2011/03/14 22:38:50.0935 5720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
2011/03/14 22:38:50.0997 5720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/03/14 22:38:51.0059 5720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
2011/03/14 22:38:51.0153 5720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
2011/03/14 22:38:51.0231 5720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
2011/03/14 22:38:51.0293 5720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/03/14 22:38:51.0403 5720 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\windows\system32\DRIVERS\rdpdr.sys
2011/03/14 22:38:51.0465 5720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
2011/03/14 22:38:51.0559 5720 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
2011/03/14 22:38:51.0683 5720 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\windows\system32\DRIVERS\rfcomm.sys
2011/03/14 22:38:51.0824 5720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
2011/03/14 22:38:51.0886 5720 RsvLock (3beefe509c414f3a6e55e5c7c4024581) C:\windows\system32\drivers\RsvLock.sys
2011/03/14 22:38:51.0964 5720 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
2011/03/14 22:38:51.0964 5720 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
2011/03/14 22:38:51.0980 5720 SafeBoot - detected Locked file (1)
2011/03/14 22:38:52.0058 5720 SbAlg (52dcde2d1787217e15ffdca1cbf8cce9) C:\windows\system32\drivers\SbAlg.sys
2011/03/14 22:38:52.0105 5720 SbFsLock (69a5af9ce49a0982e7ae7c7d62bdb2b1) C:\windows\system32\drivers\SbFsLock.sys
2011/03/14 22:38:52.0183 5720 sbp2port (3ce8f073a557e172b330109436984e30) C:\windows\system32\drivers\sbp2port.sys
2011/03/14 22:38:52.0292 5720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/03/14 22:38:52.0385 5720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\windows\system32\drivers\serenum.sys
2011/03/14 22:38:52.0448 5720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\windows\system32\drivers\serial.sys
2011/03/14 22:38:52.0541 5720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\windows\system32\drivers\sermouse.sys
2011/03/14 22:38:52.0635 5720 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\windows\system32\drivers\sffdisk.sys
2011/03/14 22:38:52.0697 5720 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\windows\system32\drivers\sffp_mmc.sys
2011/03/14 22:38:52.0791 5720 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\windows\system32\drivers\sffp_sd.sys
2011/03/14 22:38:52.0822 5720 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\windows\system32\drivers\sfloppy.sys
2011/03/14 22:38:52.0916 5720 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\windows\system32\drivers\sisagp.sys
2011/03/14 22:38:52.0978 5720 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\windows\system32\drivers\sisraid2.sys
2011/03/14 22:38:53.0056 5720 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\windows\system32\drivers\sisraid4.sys
2011/03/14 22:38:53.0165 5720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\windows\system32\DRIVERS\smb.sys
2011/03/14 22:38:53.0321 5720 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\windows\system32\DRIVERS\snp2uvc.sys
2011/03/14 22:38:53.0431 5720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\windows\system32\drivers\spldr.sys
2011/03/14 22:38:53.0555 5720 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\windows\system32\DRIVERS\srv.sys
2011/03/14 22:38:53.0649 5720 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\windows\system32\DRIVERS\srv2.sys
2011/03/14 22:38:53.0696 5720 srvnet (faa0d553a49e85008c6bb3781987c574) C:\windows\system32\DRIVERS\srvnet.sys
2011/03/14 22:38:53.0789 5720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\windows\system32\DRIVERS\swenum.sys
2011/03/14 22:38:53.0899 5720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\windows\system32\drivers\symc8xx.sys
2011/03/14 22:38:53.0977 5720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\windows\system32\drivers\sym_hi.sys
2011/03/14 22:38:54.0023 5720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\windows\system32\drivers\sym_u3.sys
2011/03/14 22:38:54.0101 5720 SynTP (f5d926807bd9bc0af68f9376144de425) C:\windows\system32\DRIVERS\SynTP.sys
2011/03/14 22:38:54.0257 5720 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\drivers\tcpip.sys
2011/03/14 22:38:54.0382 5720 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\DRIVERS\tcpip.sys
2011/03/14 22:38:54.0460 5720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\windows\system32\drivers\tcpipreg.sys
2011/03/14 22:38:54.0538 5720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\windows\system32\drivers\tdpipe.sys
2011/03/14 22:38:54.0632 5720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\windows\system32\drivers\tdtcp.sys
2011/03/14 22:38:54.0710 5720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\windows\system32\DRIVERS\tdx.sys
2011/03/14 22:38:54.0788 5720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\windows\system32\DRIVERS\termdd.sys
2011/03/14 22:38:55.0474 5720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/03/14 22:38:55.0708 5720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\windows\system32\DRIVERS\tunmp.sys
2011/03/14 22:38:55.0880 5720 tunnel (300db877ac094feab0be7688c3454a9c) C:\windows\system32\DRIVERS\tunnel.sys
2011/03/14 22:38:56.0348 5720 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\windows\system32\drivers\uagp35.sys
2011/03/14 22:38:56.0629 5720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\windows\system32\DRIVERS\udfs.sys
2011/03/14 22:38:56.0863 5720 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\windows\system32\drivers\uliagpkx.sys
2011/03/14 22:38:57.0159 5720 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\windows\system32\drivers\uliahci.sys
2011/03/14 22:38:57.0892 5720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\windows\system32\drivers\ulsata.sys
2011/03/14 22:38:58.0126 5720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\windows\system32\drivers\ulsata2.sys
2011/03/14 22:38:58.0750 5720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\windows\system32\DRIVERS\umbus.sys
2011/03/14 22:38:58.0859 5720 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys
2011/03/14 22:38:59.0015 5720 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\windows\system32\DRIVERS\usbccgp.sys
2011/03/14 22:38:59.0093 5720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\windows\system32\drivers\usbcir.sys
2011/03/14 22:38:59.0218 5720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\windows\system32\DRIVERS\usbehci.sys
2011/03/14 22:38:59.0421 5720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\windows\system32\DRIVERS\usbhub.sys
2011/03/14 22:38:59.0499 5720 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\windows\system32\DRIVERS\usbohci.sys
2011/03/14 22:38:59.0593 5720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\windows\system32\DRIVERS\usbprint.sys
2011/03/14 22:38:59.0733 5720 usbscan (a508c9bd8724980512136b039bba65e9) C:\windows\system32\DRIVERS\usbscan.sys
2011/03/14 22:38:59.0827 5720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/03/14 22:38:59.0983 5720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
2011/03/14 22:39:00.0201 5720 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\windows\system32\Drivers\usbvideo.sys
2011/03/14 22:39:00.0341 5720 vga (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
2011/03/14 22:39:00.0466 5720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
2011/03/14 22:39:00.0607 5720 viaagp (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
2011/03/14 22:39:00.0716 5720 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
2011/03/14 22:39:00.0794 5720 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
2011/03/14 22:39:00.0934 5720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
2011/03/14 22:39:01.0215 5720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
2011/03/14 22:39:01.0387 5720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
2011/03/14 22:39:01.0496 5720 vsmraid (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
2011/03/14 22:39:01.0605 5720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
2011/03/14 22:39:01.0667 5720 Wanarp (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/14 22:39:01.0699 5720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/14 22:39:01.0870 5720 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
2011/03/14 22:39:01.0964 5720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\windows\system32\drivers\Wdf01000.sys
2011/03/14 22:39:02.0323 5720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/03/14 22:39:02.0572 5720 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
2011/03/14 22:39:02.0666 5720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
2011/03/14 22:39:02.0822 5720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/03/14 22:39:03.0274 5720 yukonwlh (f72d4bffa37e857d195048c498afc61b) C:\windows\system32\DRIVERS\yk60x86.sys
2011/03/14 22:39:03.0399 5720 ================================================================================
2011/03/14 22:39:03.0399 5720 Scan finished
2011/03/14 22:39:03.0399 5720 ================================================================================
2011/03/14 22:39:03.0430 2820 Detected object count: 1
2011/03/14 22:39:16.0706 2820 HKLM\SYSTEM\ControlSet001\services\SafeBoot - will be deleted after reboot
2011/03/14 22:39:16.0737 2820 HKLM\SYSTEM\ControlSet005\services\SafeBoot - will be deleted after reboot
2011/03/14 22:39:16.0768 2820 C:\windows\system32\drivers\SafeBoot.sys - will be deleted after reboot
2011/03/14 22:39:16.0768 2820 Locked file(SafeBoot) - User select action: Delete
2011/03/14 22:38:26.0068 5108 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/03/14 22:38:30.0405 5108 ================================================================================
2011/03/14 22:38:30.0405 5108 SystemInfo:
2011/03/14 22:38:30.0405 5108
2011/03/14 22:38:30.0405 5108 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/14 22:38:30.0405 5108 Product type: Workstation
2011/03/14 22:38:30.0405 5108 ComputerName: PC-DE-LOLO
2011/03/14 22:38:30.0421 5108 UserName: Lolo
2011/03/14 22:38:30.0421 5108 Windows directory: C:\windows
2011/03/14 22:38:30.0421 5108 System windows directory: C:\windows
2011/03/14 22:38:30.0421 5108 Processor architecture: Intel x86
2011/03/14 22:38:30.0421 5108 Number of processors: 1
2011/03/14 22:38:30.0421 5108 Page size: 0x1000
2011/03/14 22:38:30.0421 5108 Boot type: Normal boot
2011/03/14 22:38:30.0421 5108 ================================================================================
2011/03/14 22:38:30.0873 5108 Initialize success
2011/03/14 22:38:34.0508 5720 ================================================================================
2011/03/14 22:38:34.0508 5720 Scan started
2011/03/14 22:38:34.0508 5720 Mode: Manual;
2011/03/14 22:38:34.0508 5720 ================================================================================
2011/03/14 22:38:35.0194 5720 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/03/14 22:38:35.0303 5720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
2011/03/14 22:38:35.0397 5720 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys
2011/03/14 22:38:35.0491 5720 ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
2011/03/14 22:38:35.0569 5720 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
2011/03/14 22:38:35.0631 5720 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
2011/03/14 22:38:35.0709 5720 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
2011/03/14 22:38:35.0756 5720 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
2011/03/14 22:38:35.0865 5720 AFD (a201207363aa900abf1a388468688570) C:\windows\system32\drivers\afd.sys
2011/03/14 22:38:36.0005 5720 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\windows\system32\DRIVERS\AGRSM.sys
2011/03/14 22:38:36.0115 5720 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
2011/03/14 22:38:36.0177 5720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
2011/03/14 22:38:36.0255 5720 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
2011/03/14 22:38:36.0317 5720 amdagp (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
2011/03/14 22:38:36.0380 5720 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
2011/03/14 22:38:36.0458 5720 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
2011/03/14 22:38:36.0536 5720 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
2011/03/14 22:38:36.0692 5720 arc (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
2011/03/14 22:38:36.0754 5720 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
2011/03/14 22:38:36.0910 5720 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys
2011/03/14 22:38:37.0019 5720 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys
2011/03/14 22:38:37.0097 5720 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys
2011/03/14 22:38:37.0175 5720 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys
2011/03/14 22:38:37.0269 5720 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys
2011/03/14 22:38:37.0331 5720 AsyncMac (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
2011/03/14 22:38:37.0409 5720 atapi (2d9c903dc76a66813d350a562de40ed9) C:\windows\system32\drivers\atapi.sys
2011/03/14 22:38:37.0581 5720 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/03/14 22:38:37.0721 5720 BCM43XX (3f5e7621cdf6867d3d8417d13a098277) C:\windows\system32\DRIVERS\bcmwl6.sys
2011/03/14 22:38:37.0846 5720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
2011/03/14 22:38:37.0955 5720 blbdrive (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
2011/03/14 22:38:38.0080 5720 bowser (74b442b2be1260b7588c136177ceac66) C:\windows\system32\DRIVERS\bowser.sys
2011/03/14 22:38:38.0158 5720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
2011/03/14 22:38:38.0252 5720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
2011/03/14 22:38:38.0345 5720 Brserid (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
2011/03/14 22:38:38.0423 5720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
2011/03/14 22:38:38.0517 5720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
2011/03/14 22:38:38.0595 5720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
2011/03/14 22:38:38.0689 5720 BthEnum (6d39c954799b63ba866910234cf7d726) C:\windows\system32\DRIVERS\BthEnum.sys
2011/03/14 22:38:38.0767 5720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\windows\system32\drivers\bthmodem.sys
2011/03/14 22:38:38.0876 5720 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\windows\system32\DRIVERS\bthpan.sys
2011/03/14 22:38:38.0985 5720 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\windows\system32\Drivers\BTHport.sys
2011/03/14 22:38:39.0141 5720 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\windows\system32\Drivers\BTHUSB.sys
2011/03/14 22:38:39.0281 5720 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\windows\system32\drivers\btwaudio.sys
2011/03/14 22:38:39.0359 5720 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\windows\system32\drivers\btwavdt.sys
2011/03/14 22:38:39.0453 5720 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\windows\system32\DRIVERS\btwrchid.sys
2011/03/14 22:38:39.0640 5720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
2011/03/14 22:38:39.0734 5720 cdrom (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
2011/03/14 22:38:39.0812 5720 circlass (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
2011/03/14 22:38:39.0890 5720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
2011/03/14 22:38:39.0999 5720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
2011/03/14 22:38:40.0077 5720 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
2011/03/14 22:38:40.0155 5720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
2011/03/14 22:38:40.0217 5720 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
2011/03/14 22:38:40.0280 5720 Crusoe (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
2011/03/14 22:38:40.0420 5720 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\windows\system32\drivers\csc.sys
2011/03/14 22:38:40.0545 5720 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\windows\system32\Drivers\dfsc.sys
2011/03/14 22:38:40.0654 5720 disk (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
2011/03/14 22:38:40.0810 5720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
2011/03/14 22:38:40.0904 5720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\windows\System32\drivers\dxgkrnl.sys
2011/03/14 22:38:41.0013 5720 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
2011/03/14 22:38:41.0122 5720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
2011/03/14 22:38:41.0247 5720 elxstor (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
2011/03/14 22:38:41.0341 5720 ErrDev (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
2011/03/14 22:38:41.0465 5720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
2011/03/14 22:38:41.0543 5720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
2011/03/14 22:38:41.0668 5720 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
2011/03/14 22:38:41.0762 5720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
2011/03/14 22:38:41.0824 5720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
2011/03/14 22:38:41.0902 5720 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
2011/03/14 22:38:41.0965 5720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
2011/03/14 22:38:42.0058 5720 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
2011/03/14 22:38:42.0136 5720 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
2011/03/14 22:38:42.0230 5720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/14 22:38:42.0386 5720 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\windows\system32\DRIVERS\cpqbttn.sys
2011/03/14 22:38:42.0495 5720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
2011/03/14 22:38:42.0604 5720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/03/14 22:38:42.0713 5720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
2011/03/14 22:38:42.0760 5720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
2011/03/14 22:38:42.0869 5720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
2011/03/14 22:38:42.0963 5720 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
2011/03/14 22:38:43.0057 5720 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/03/14 22:38:43.0181 5720 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/03/14 22:38:43.0291 5720 HTTP (f870aa3e254628ebeafe754108d664de) C:\windows\system32\drivers\HTTP.sys
2011/03/14 22:38:43.0384 5720 i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
2011/03/14 22:38:43.0462 5720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
2011/03/14 22:38:43.0571 5720 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\windows\system32\drivers\iastor.sys
2011/03/14 22:38:43.0634 5720 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
2011/03/14 22:38:43.0821 5720 igfx (d97e70e4e243c9660f91c1112e36c73b) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/03/14 22:38:43.0961 5720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
2011/03/14 22:38:44.0055 5720 intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
2011/03/14 22:38:44.0102 5720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
2011/03/14 22:38:44.0164 5720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/03/14 22:38:44.0305 5720 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
2011/03/14 22:38:44.0398 5720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
2011/03/14 22:38:44.0507 5720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
2011/03/14 22:38:44.0570 5720 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
2011/03/14 22:38:44.0648 5720 iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
2011/03/14 22:38:44.0757 5720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
2011/03/14 22:38:44.0819 5720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
2011/03/14 22:38:44.0882 5720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/03/14 22:38:44.0975 5720 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
2011/03/14 22:38:45.0053 5720 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
2011/03/14 22:38:45.0225 5720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
2011/03/14 22:38:45.0334 5720 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
2011/03/14 22:38:45.0397 5720 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
2011/03/14 22:38:45.0443 5720 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
2011/03/14 22:38:45.0490 5720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
2011/03/14 22:38:45.0599 5720 megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
2011/03/14 22:38:45.0662 5720 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
2011/03/14 22:38:45.0740 5720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
2011/03/14 22:38:45.0802 5720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
2011/03/14 22:38:45.0896 5720 mouclass (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
2011/03/14 22:38:45.0974 5720 mouhid (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
2011/03/14 22:38:46.0036 5720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
2011/03/14 22:38:46.0114 5720 mpio (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
2011/03/14 22:38:46.0177 5720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
2011/03/14 22:38:46.0270 5720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
2011/03/14 22:38:46.0364 5720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
2011/03/14 22:38:46.0442 5720 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/03/14 22:38:46.0520 5720 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/03/14 22:38:46.0598 5720 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/03/14 22:38:46.0660 5720 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\windows\system32\drivers\msahci.sys
2011/03/14 22:38:46.0723 5720 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
2011/03/14 22:38:46.0832 5720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
2011/03/14 22:38:46.0894 5720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
2011/03/14 22:38:47.0003 5720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
2011/03/14 22:38:47.0066 5720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/03/14 22:38:47.0128 5720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
2011/03/14 22:38:47.0206 5720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
2011/03/14 22:38:47.0300 5720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
2011/03/14 22:38:47.0393 5720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
2011/03/14 22:38:47.0471 5720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
2011/03/14 22:38:47.0534 5720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
2011/03/14 22:38:47.0627 5720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
2011/03/14 22:38:47.0752 5720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
2011/03/14 22:38:47.0815 5720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
2011/03/14 22:38:47.0893 5720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/03/14 22:38:47.0955 5720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
2011/03/14 22:38:48.0080 5720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
2011/03/14 22:38:48.0158 5720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
2011/03/14 22:38:48.0267 5720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
2011/03/14 22:38:48.0361 5720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
2011/03/14 22:38:48.0454 5720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
2011/03/14 22:38:48.0532 5720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
2011/03/14 22:38:48.0626 5720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
2011/03/14 22:38:48.0688 5720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
2011/03/14 22:38:48.0735 5720 nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
2011/03/14 22:38:48.0891 5720 nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
2011/03/14 22:38:48.0969 5720 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
2011/03/14 22:38:49.0406 5720 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\windows\system32\drivers\ohci1394.sys
2011/03/14 22:38:49.0515 5720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\windows\system32\drivers\parport.sys
2011/03/14 22:38:49.0577 5720 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
2011/03/14 22:38:49.0655 5720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\windows\system32\drivers\parvdm.sys
2011/03/14 22:38:49.0796 5720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
2011/03/14 22:38:49.0889 5720 pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
2011/03/14 22:38:49.0983 5720 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
2011/03/14 22:38:50.0092 5720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
2011/03/14 22:38:50.0279 5720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
2011/03/14 22:38:50.0357 5720 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\drivers\processr.sys
2011/03/14 22:38:50.0482 5720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
2011/03/14 22:38:50.0576 5720 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys
2011/03/14 22:38:50.0669 5720 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
2011/03/14 22:38:50.0794 5720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
2011/03/14 22:38:50.0872 5720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
2011/03/14 22:38:50.0935 5720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
2011/03/14 22:38:50.0997 5720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/03/14 22:38:51.0059 5720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
2011/03/14 22:38:51.0153 5720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
2011/03/14 22:38:51.0231 5720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
2011/03/14 22:38:51.0293 5720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/03/14 22:38:51.0403 5720 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\windows\system32\DRIVERS\rdpdr.sys
2011/03/14 22:38:51.0465 5720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
2011/03/14 22:38:51.0559 5720 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
2011/03/14 22:38:51.0683 5720 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\windows\system32\DRIVERS\rfcomm.sys
2011/03/14 22:38:51.0824 5720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
2011/03/14 22:38:51.0886 5720 RsvLock (3beefe509c414f3a6e55e5c7c4024581) C:\windows\system32\drivers\RsvLock.sys
2011/03/14 22:38:51.0964 5720 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
2011/03/14 22:38:51.0964 5720 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
2011/03/14 22:38:51.0980 5720 SafeBoot - detected Locked file (1)
2011/03/14 22:38:52.0058 5720 SbAlg (52dcde2d1787217e15ffdca1cbf8cce9) C:\windows\system32\drivers\SbAlg.sys
2011/03/14 22:38:52.0105 5720 SbFsLock (69a5af9ce49a0982e7ae7c7d62bdb2b1) C:\windows\system32\drivers\SbFsLock.sys
2011/03/14 22:38:52.0183 5720 sbp2port (3ce8f073a557e172b330109436984e30) C:\windows\system32\drivers\sbp2port.sys
2011/03/14 22:38:52.0292 5720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/03/14 22:38:52.0385 5720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\windows\system32\drivers\serenum.sys
2011/03/14 22:38:52.0448 5720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\windows\system32\drivers\serial.sys
2011/03/14 22:38:52.0541 5720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\windows\system32\drivers\sermouse.sys
2011/03/14 22:38:52.0635 5720 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\windows\system32\drivers\sffdisk.sys
2011/03/14 22:38:52.0697 5720 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\windows\system32\drivers\sffp_mmc.sys
2011/03/14 22:38:52.0791 5720 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\windows\system32\drivers\sffp_sd.sys
2011/03/14 22:38:52.0822 5720 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\windows\system32\drivers\sfloppy.sys
2011/03/14 22:38:52.0916 5720 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\windows\system32\drivers\sisagp.sys
2011/03/14 22:38:52.0978 5720 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\windows\system32\drivers\sisraid2.sys
2011/03/14 22:38:53.0056 5720 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\windows\system32\drivers\sisraid4.sys
2011/03/14 22:38:53.0165 5720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\windows\system32\DRIVERS\smb.sys
2011/03/14 22:38:53.0321 5720 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\windows\system32\DRIVERS\snp2uvc.sys
2011/03/14 22:38:53.0431 5720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\windows\system32\drivers\spldr.sys
2011/03/14 22:38:53.0555 5720 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\windows\system32\DRIVERS\srv.sys
2011/03/14 22:38:53.0649 5720 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\windows\system32\DRIVERS\srv2.sys
2011/03/14 22:38:53.0696 5720 srvnet (faa0d553a49e85008c6bb3781987c574) C:\windows\system32\DRIVERS\srvnet.sys
2011/03/14 22:38:53.0789 5720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\windows\system32\DRIVERS\swenum.sys
2011/03/14 22:38:53.0899 5720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\windows\system32\drivers\symc8xx.sys
2011/03/14 22:38:53.0977 5720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\windows\system32\drivers\sym_hi.sys
2011/03/14 22:38:54.0023 5720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\windows\system32\drivers\sym_u3.sys
2011/03/14 22:38:54.0101 5720 SynTP (f5d926807bd9bc0af68f9376144de425) C:\windows\system32\DRIVERS\SynTP.sys
2011/03/14 22:38:54.0257 5720 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\drivers\tcpip.sys
2011/03/14 22:38:54.0382 5720 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\DRIVERS\tcpip.sys
2011/03/14 22:38:54.0460 5720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\windows\system32\drivers\tcpipreg.sys
2011/03/14 22:38:54.0538 5720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\windows\system32\drivers\tdpipe.sys
2011/03/14 22:38:54.0632 5720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\windows\system32\drivers\tdtcp.sys
2011/03/14 22:38:54.0710 5720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\windows\system32\DRIVERS\tdx.sys
2011/03/14 22:38:54.0788 5720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\windows\system32\DRIVERS\termdd.sys
2011/03/14 22:38:55.0474 5720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/03/14 22:38:55.0708 5720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\windows\system32\DRIVERS\tunmp.sys
2011/03/14 22:38:55.0880 5720 tunnel (300db877ac094feab0be7688c3454a9c) C:\windows\system32\DRIVERS\tunnel.sys
2011/03/14 22:38:56.0348 5720 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\windows\system32\drivers\uagp35.sys
2011/03/14 22:38:56.0629 5720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\windows\system32\DRIVERS\udfs.sys
2011/03/14 22:38:56.0863 5720 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\windows\system32\drivers\uliagpkx.sys
2011/03/14 22:38:57.0159 5720 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\windows\system32\drivers\uliahci.sys
2011/03/14 22:38:57.0892 5720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\windows\system32\drivers\ulsata.sys
2011/03/14 22:38:58.0126 5720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\windows\system32\drivers\ulsata2.sys
2011/03/14 22:38:58.0750 5720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\windows\system32\DRIVERS\umbus.sys
2011/03/14 22:38:58.0859 5720 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys
2011/03/14 22:38:59.0015 5720 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\windows\system32\DRIVERS\usbccgp.sys
2011/03/14 22:38:59.0093 5720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\windows\system32\drivers\usbcir.sys
2011/03/14 22:38:59.0218 5720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\windows\system32\DRIVERS\usbehci.sys
2011/03/14 22:38:59.0421 5720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\windows\system32\DRIVERS\usbhub.sys
2011/03/14 22:38:59.0499 5720 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\windows\system32\DRIVERS\usbohci.sys
2011/03/14 22:38:59.0593 5720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\windows\system32\DRIVERS\usbprint.sys
2011/03/14 22:38:59.0733 5720 usbscan (a508c9bd8724980512136b039bba65e9) C:\windows\system32\DRIVERS\usbscan.sys
2011/03/14 22:38:59.0827 5720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/03/14 22:38:59.0983 5720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
2011/03/14 22:39:00.0201 5720 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\windows\system32\Drivers\usbvideo.sys
2011/03/14 22:39:00.0341 5720 vga (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
2011/03/14 22:39:00.0466 5720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
2011/03/14 22:39:00.0607 5720 viaagp (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
2011/03/14 22:39:00.0716 5720 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
2011/03/14 22:39:00.0794 5720 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
2011/03/14 22:39:00.0934 5720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
2011/03/14 22:39:01.0215 5720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
2011/03/14 22:39:01.0387 5720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
2011/03/14 22:39:01.0496 5720 vsmraid (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
2011/03/14 22:39:01.0605 5720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
2011/03/14 22:39:01.0667 5720 Wanarp (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/14 22:39:01.0699 5720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/03/14 22:39:01.0870 5720 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
2011/03/14 22:39:01.0964 5720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\windows\system32\drivers\Wdf01000.sys
2011/03/14 22:39:02.0323 5720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/03/14 22:39:02.0572 5720 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
2011/03/14 22:39:02.0666 5720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
2011/03/14 22:39:02.0822 5720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/03/14 22:39:03.0274 5720 yukonwlh (f72d4bffa37e857d195048c498afc61b) C:\windows\system32\DRIVERS\yk60x86.sys
2011/03/14 22:39:03.0399 5720 ================================================================================
2011/03/14 22:39:03.0399 5720 Scan finished
2011/03/14 22:39:03.0399 5720 ================================================================================
2011/03/14 22:39:03.0430 2820 Detected object count: 1
2011/03/14 22:39:16.0706 2820 HKLM\SYSTEM\ControlSet001\services\SafeBoot - will be deleted after reboot
2011/03/14 22:39:16.0737 2820 HKLM\SYSTEM\ControlSet005\services\SafeBoot - will be deleted after reboot
2011/03/14 22:39:16.0768 2820 C:\windows\system32\drivers\SafeBoot.sys - will be deleted after reboot
2011/03/14 22:39:16.0768 2820 Locked file(SafeBoot) - User select action: Delete
Utilisateur anonyme
14 mars 2011 à 22:48
14 mars 2011 à 22:48
__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------
Toujours avec toutes les protections désactivées, fais ceci :
▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :
----------------------------------------------------------
KillAll::
TDL::
C:\windows\system32\drivers\SafeBoot.sys
------------------------------------------------------------------
▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes
▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix
▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
14 mars 2011 à 23:39
14 mars 2011 à 23:39
je fait sa tout de suite merci
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
16 mars 2011 à 13:07
16 mars 2011 à 13:07
J'ai beau essayer une fois que combofix commence a lancer son analyse l'ordianteur beug et ne repond plus. Il finit par s'eteindre tout seul et quand je veux le rallumer il m'envoyer dans le systeme de réparation de demarrage windows.
Utilisateur anonyme
16 mars 2011 à 13:10
16 mars 2011 à 13:10
ok essaie en mode sans echec
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
16 mars 2011 à 13:29
16 mars 2011 à 13:29
c'est a dire ???
Utilisateur anonyme
16 mars 2011 à 14:58
16 mars 2011 à 14:58
Comment aller en Mode sans échec :
▶ Redémarres ton ordi
▶ Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
▶ Tu verras un écran avec options de démarrage apparaître
▶ Choisis la première option : Sans Échec, et valide avec "Entrée"
▶ Redémarres ton ordi
▶ Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
▶ Tu verras un écran avec options de démarrage apparaître
▶ Choisis la première option : Sans Échec, et valide avec "Entrée"
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
16 mars 2011 à 21:45
16 mars 2011 à 21:45
voici le rapport de combofix
ComboFix 11-03-12.01 - Lolo 16/03/2011 21:03:31.4.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.952 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lolo\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-16 au 2011-03-16 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-16 20:14 . 2011-03-16 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 08:31 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43808BAA-C8E8-4CCE-AD7D-5B523136CE0C}\mpengine.dll
2011-03-13 08:42 . 2011-03-16 20:23 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-16 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2308)
c:\windows\System32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-03-16 21:27:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-16 20:27
ComboFix2.txt 2011-03-13 20:33
ComboFix3.txt 2011-03-13 13:45
ComboFix4.txt 2011-03-13 08:54
.
Avant-CF: 134 559 424 512 octets libres
Après-CF: 134 401 044 480 octets libres
.
- - End Of File - - 49F05B4F9F125AB4E5CAA8DD9EE784BF
ComboFix 11-03-12.01 - Lolo 16/03/2011 21:03:31.4.1 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.1976.952 [GMT 1:00]
Lancé depuis: c:\users\Lolo\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lolo\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-16 au 2011-03-16 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-16 20:14 . 2011-03-16 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 08:31 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43808BAA-C8E8-4CCE-AD7D-5B523136CE0C}\mpengine.dll
2011-03-13 08:42 . 2011-03-16 20:23 -------- d-----w- c:\users\Lolo\AppData\Local\temp
2011-03-10 18:51 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 18:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 18:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 18:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-10 18:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 18:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-27 11:26 . 2011-02-27 11:26 -------- d-----w- c:\program files\iPod
2011-02-27 11:26 . 2011-02-27 11:27 -------- d-----w- c:\program files\iTunes
2011-02-27 11:20 . 2011-02-27 11:20 -------- d-----w- c:\program files\Bonjour
2011-02-19 02:05 . 2011-02-19 02:05 23040 ----a-w- c:\windows\system32\bddel.exe
2011-02-18 22:33 . 2011-02-18 22:33 -------- d-----w- c:\users\Lolo\AppData\Roaming\QuickScan
2011-02-18 22:31 . 2011-03-13 08:44 -------- d-----w- c:\program files\Common Files\BitDefender
2011-02-18 22:29 . 2011-03-13 08:24 512599 ----a-w- c:\programdata\bdinstall.bin
2011-02-17 19:03 . 2011-02-17 19:03 -------- d-----w- c:\windows\fr
2011-02-17 18:57 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-02-17 18:57 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-02-17 18:57 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2a9c98e31cbced407\dsetup32.dll
2011-02-17 18:54 . 2011-02-17 18:54 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DSETUP.dll
2011-02-17 18:54 . 2011-02-17 18:54 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\DXSETUP.exe
2011-02-17 18:54 . 2011-02-17 18:54 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\29f397431cbced406\dsetup32.dll
2011-02-17 18:53 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-02-16 22:35 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-16 22:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-16 22:34 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 22:34 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-16 22:34 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 18:41 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-05-08 238984]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-05-21 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-02 10244096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
c:\users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-18 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSP;avast! Self Protection; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:08]
.
2011-03-16 c:\windows\Tasks\Norton Security Scan for Lolo.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-23 07:48]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1FD668-6C39-4ACD-B4AA-8512F55AB2A9}.job
- c:\windows\system32\msfeedssync.exe [2011-02-16 04:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Lolo\AppData\Roaming\Mozilla\Firefox\Profiles\4m9vyvqd.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2308)
c:\windows\System32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-03-16 21:27:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-16 20:27
ComboFix2.txt 2011-03-13 20:33
ComboFix3.txt 2011-03-13 13:45
ComboFix4.txt 2011-03-13 08:54
.
Avant-CF: 134 559 424 512 octets libres
Après-CF: 134 401 044 480 octets libres
.
- - End Of File - - 49F05B4F9F125AB4E5CAA8DD9EE784BF
Utilisateur anonyme
16 mars 2011 à 22:00
16 mars 2011 à 22:00
refais un scan tdsskiller ?
darkovnus
Messages postés
35
Date d'inscription
jeudi 8 janvier 2009
Statut
Membre
Dernière intervention
26 septembre 2011
16 mars 2011 à 22:09
16 mars 2011 à 22:09
ok