VIRUS alert on my PC? (Topic resolved)
Bruno_K
Posted on 03/07/2011 @ 15:20
Astucien

Hello everyone,

For some time now I have been noticing a character offset between what I type and what appears on forums: could my machine be infected with a virus?

Thanks.

Bruno_K
Posted on 03/07/2011 at 15:33
Astucien

Here, if you please, is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Manager at 2011-07-03 15:27:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (10%) free of 25 GB
Total RAM: 1015 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:32 PM, on 7/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AOL\1263316154\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Documents and Settings\Manager\Desktop\RSIT.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\Common Files\aol\1263316154\ee\aolsoftware.exe
C:\Program Files\trend micro\Manager.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://java.com/download
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Softpedia
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {416ae1cb-7257-484a-b912-aebc7fdad4ce} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Answers.com - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} - C:\Program Files\Answers.com\prxtbAns0.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZon1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1263316154\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: SYSTRAN Lookup - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra 'Tools' menuitem: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16494 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{416ae1cb-7257-484a-b912-aebc7fdad4ce}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6341761b-babe-406d-b0d6-8d99b81c2ee5}]
Answers.com Toolbar - C:\Program Files\Answers.com\prxtbAns0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZon1.dll [2010-08-17 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-08-10 253368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2010-05-26 591336]
Locked
{6341761b-babe-406d-b0d6-8d99b81c2ee5} - Answers.com Toolbar - C:\Program Files\Answers.com\prxtbAns0.dll [2011-01-17 175912]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - ZoneAlarm Toolbar - C:\Program Files\ZoneAlarm\tbZon1.dll [2010-08-17 2734688]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{6B896ADB-4A82-46e2-858C-13134782CE34} - Show Xmlbar Toolbar - C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll [2009-12-15 413696]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll [2010-10-26 217088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-24 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-24 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-24 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2010-01-10 1945600]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1028096]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-09-20 61440]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-06-03 177456]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-09-12 5048488]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-09-12 357384]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"BootSkin Startup Jobs"=C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe [2004-04-26 270336]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"HostManager"=C:\Program Files\Common Files\AOL\1263316154\ee\AOLSoftware.exe [2009-07-20 41264]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"RAM Idle Professional"=C:\Program Files\RAM Idle LE\RAM_XP.exe [2006-01-17 135168]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-17 281768]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2010-05-26 730600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-07-04 17408]
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2010-08-10 3824056]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
1-Click Answers.lnk - C:\Program Files\1-Click Answers\answers.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Spyder3Utility.lnk - C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-09-18 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\aol\1263316154\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1263316154\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.5\waol.exe"="C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"D:\Téléchargements\3gp_converter_setup.exe"="D:\Téléchargements\3gp_converter_setup.exe:*:Enabled:3GP Converter"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Downloads\utorrent.exe"="D:\Downloads\utorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-07-03 15:26:34 ----D---- C:\Documents and Settings\Manager\Application Data\facemoods.com
2011-06-28 01:02:14 ----D---- C:\Program Files\Lame For Audacity
2011-06-28 00:38:06 ----D---- C:\Program Files\facemoods.com
2011-06-28 00:37:56 ----D---- C:\Program Files\FoxTabMP3Converter
2011-06-28 00:11:21 ----D---- C:\Program Files\GoldWave
2011-06-27 23:45:00 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2011-06-19 16:01:00 ----D---- C:\Program Files\Mozilla Firefox
2011-06-15 12:31:44 ----D---- C:\Program Files\Common Files\Java
2011-06-15 12:30:53 ----A---- C:\WINDOWS\system32\javaws.exe
2011-06-15 12:30:53 ----A---- C:\WINDOWS\system32\javaw.exe
2011-06-15 12:30:53 ----A---- C:\WINDOWS\system32\java.exe
2011-06-10 13:51:06 ----D---- C:\Program Files\Xmlbar

======List of files/folders modified in the last 1 months======

2011-07-03 15:28:07 ----D---- C:\WINDOWS\Prefetch
2011-07-03 15:28:07 ----D---- C:\WINDOWS\Internet Logs
2011-07-03 15:28:01 ----D---- C:\Program Files\trend micro
2011-07-03 15:26:38 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2011-07-03 15:26:29 ----D---- C:\WINDOWS\Temp
2011-07-03 12:46:28 ----A---- C:\WINDOWS\win.ini
2011-07-03 12:40:49 ----SD---- C:\WINDOWS\Tasks
2011-07-03 12:40:45 ----D---- C:\WINDOWS
2011-07-03 12:40:26 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-03 12:33:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-03 12:19:49 ----D---- C:\WINDOWS\system32\NtmsData
2011-07-03 12:04:02 ----D---- C:\WINDOWS\Registration
2011-07-02 10:57:01 ----A---- C:\WINDOWS\NeroDigital.ini
2011-06-29 13:12:17 ----D---- C:\WINDOWS\system32\drivers
2011-06-28 01:02:14 ----RD---- C:\Program Files
2011-06-26 13:11:45 ----SHD---- C:\System Volume Information
2011-06-25 19:03:28 ----D---- C:\WINDOWS\system32
2011-06-19 16:47:09 ----D---- C:\WINDOWS\system32\Restore
2011-06-19 15:49:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-19 15:21:02 ----D---- C:\Temp
2011-06-15 12:31:47 ----SHD---- C:\WINDOWS\Installer
2011-06-15 12:31:44 ----D---- C:\Program Files\Common Files
2011-06-15 12:30:41 ----D---- C:\Program Files\Java
2011-06-10 13:53:48 ----D---- C:\Program Files\Answers.com
2011-06-10 13:53:26 ----D---- C:\Program Files\ConduitEngine
2011-06-10 13:53:23 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2011-06-06 13:27:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-04-02 137656]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-01-16 223440]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-12-22 61960]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-01-11 159168]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-01-10 1391104]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-09-18 5779296]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-18 220640]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S3 Spyder3;Datacolor Spyder3; C:\WINDOWS\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-09-12 660520]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-11 2326920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-04-02 269480]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2010-01-10 24576]
R3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-12 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-08-13 259440]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

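The RSIT driver/service listing above is what a helper reads by eye. As an added example (not part of the thread and not code from RSIT's author), the following Python parses those lines into records, counts them by the legend RSIT prints above the list, and names the entries whose file RSIT could not describe (the empty `[]` at the end of the line), which is where a reviewer starts looking. The excerpt embedded in it is copied from the report above; the flagged names are review candidates only, not a malware verdict, since the same log shows legitimate security drivers with the same gap.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the RSIT driver/service listing posted above, copied from the
# report (not constructed). Line format:
#   <state><start type> <name>;<display name>; <path> [<file date> <size>]
# where the brackets are empty when RSIT could not stat the file.
RSIT_EXCERPT = r"""
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-04-02 137656]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-01-16 223440]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 RkHit;RkHit; \??\C:\WINDOWS\system32\drivers\RKHit.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-04-02 269480]
"""

# Legend RSIT prints: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)


@dataclass
class Entry:
    state: str            # "R" running or "S" stopped
    start: int            # 0..4, see START_TYPES
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]

    @property
    def has_file_metadata(self) -> bool:
        return self.date is not None

    @property
    def uses_nt_path(self) -> bool:
        # "\??\"-prefixed paths are NT object-manager paths. Several legitimate
        # security products in this log use them too, so this is a review hint only.
        return self.path.startswith("\\??\\")


def parse_rsit_entries(text: str) -> List[Entry]:
    """Parse the driver/service lines of an RSIT report into Entry records."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:          # blank lines and section headers
            continue
        size = m.group("size")
        entries.append(Entry(
            state=m.group("state"),
            start=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            date=m.group("date"),
            size=int(size) if size else None,
        ))
    return entries


def flag_for_review(entries: List[Entry]) -> List[str]:
    """Names of entries with no file date/size, i.e. files RSIT could not describe.

    Such gaps are where a helper starts looking (the file may be hidden, filtered,
    or simply absent); they are not a malware verdict by themselves.
    """
    return [e.name for e in entries if not e.has_file_metadata]


def summarize(entries: List[Entry]) -> dict:
    """Counts by running/stopped and start type, using RSIT's own legend."""
    out: dict = {}
    for e in entries:
        key = f"{'running' if e.state == 'R' else 'stopped'}/{START_TYPES[e.start]}"
        out[key] = out.get(key, 0) + 1
    return out


if __name__ == "__main__":
    parsed = parse_rsit_entries(RSIT_EXCERPT)
    print(summarize(parsed))
    for name in flag_for_review(parsed):
        print("review:", name)
```

Feeding the full listing from the post to `parse_rsit_entries` works the same way; the section headers and blank lines are skipped by the regex, and `uses_nt_path` gives a second column to sort the flagged names by.
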
Evasion60
Posted on 03/07/2011 at 19:06
Security Group

Good evening

... You are infected, including a very nasty "RootKit"
Careful, no more room on your hard drive!!! ===>

Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (10%) free of 25 GB

... I prefer to work with ZHPDiag + MalwareBytes

For a better answer, click "Aide au diag d'un PC infecté" (help diagnosing an infected PC) in my signature

Come back in your reply with the two requested reports =>
- MBAM
- ZHPDiag

Looking forward to your reply



Edited by Evasion60 on 03/07/2011 19:12
Bruno_K
Posted on 03/07/2011 at 20:47
Astucien

Thanks Evasion60! I'm getting to work!

Bruno_K
Posted on 03/07/2011 at 21:07
Astucien

Attached file: ZHPDiag.txt

Bruno_K
Posted on 03/07/2011 at 21:28
Astucien

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7012

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/3/2011 9:27:09 PM
mbam-log-2011-07-03 (21-27-08).txt

Scan type: Quick scan
Objects scanned: 192422
Time elapsed: 14 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Evasion60
Posted on 04/07/2011 at 13:15
Security Group

Hello

Confirmed, some nice infections

  • Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Alternative download link available.
  • Double-click the tool to run it (under Vista or Windows 7, right-click it and run it as administrator),
  • Run the scan and post the report generated by the tool in your next reply.

  • Double-click Ad Remover to run the tool (or right-click > Run as administrator under Vista and Windows 7),
  • Run the clean-up and post the report generated by the tool in your next reply.

Come back in your reply with the two requested reports

Bruno_K
Posted on 04/07/2011 at 21:14
Astucien

Thanks a lot Evasion60: I have just got home. I'm going to get changed and come back to tell you about something worrying I noticed on the website I administer. See you soon

Bruno_K
Posted on 04/07/2011 at 22:12
Astucien

Here is what I have noticed over the past few days, twice so far: the first time a week ago, then this evening when I got home.

First of all, you should know that for a year I have been administering a Facebook account bringing together around 400 graduates of my institution.

For several months I have been managing this account from two laptops:

- one with an AZERTY keyboard

- one with a QWERTY keyboard: that is the infected one

What do I observe?

Two messages were posted on this account's wall as if the account administrator had done it: the first with a link to a porn site, and this evening's with a link to a newspaper article with a political slant that has nothing to do with the purpose of our group, which is strictly apolitical in order to maintain cohesion and a spirit of camaraderie.

The pornographic link may upset members of the community, especially if they think the administrators are amusing themselves with this kind of dubious joke. The administrators may be singled out if it happens again, and there is reason to fear that people will leave the community.

Is someone trying to destabilise the group?

For now, let's not overdramatise.

But the idea that our account is under the control of malicious people worries me greatly.

All the more so since the existence of a significant infection tips the balance towards an intent to cause harm.

I hope I have expressed myself clearly enough

What should I do?

Thank you very much.



Edited by Bruno_K on 04/07/2011 23:12
Bruno_K
Posted on 04/07/2011 at 23:09
Astucien

First Ad Remover report

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website:
http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 22:57:19 on 04/07/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Manager@PANDA ( )

============== SEARCH ==============


File found: C:\WINDOWS\system32\ConduitEngine.tmp
Folder found: C:\Documents and Settings\Manager\Local Settings\Application Data\Conduit
Folder found: C:\Program Files\Conduit
Folder found: C:\Documents and Settings\Manager\Local Settings\Application Data\ConduitEngine
Folder found: C:\Program Files\ConduitEngine
Folder found: C:\Documents and Settings\Photo\Application Data\freeTVRadio
Folder found: C:\Program Files\freeTVRadio
Folder found: C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder found: C:\Program Files\Viewpoint

Key found: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key found: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key found: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKLM\Software\Classes\CLSID\{5A508BDE-B0CB-4C33-9399-9F898771EED8}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5A508BDE-B0CB-4C33-9399-9F898771EED8}
Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key found: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key found: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key found: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\Toolbar.CT1401021
Key found: HKLM\Software\Classes\Toolbar.CT2611275
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\conduitEngine
Key found: HKLM\Software\MetaStream
Key found: HKLM\Software\Viewpoint
Key found: HKCU\Software\Conduit
Key found: HKCU\Software\conduitEngine
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3584B20C-62C0-4FB6-9396-78020B5B7D9B}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key found: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key found: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP

Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

HKLM_MozillaPlugins\@checkpoint.com/FFApi (x)
HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
HKLM_MozillaPlugins\@viewpoint.com/VMP (x)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Photo\Application Data\Mozilla\FireFox\Profiles\tf3frknf.default --
Prefs.js - browser.download.lastDir, D:\\Téléchargements
Prefs.js - browser.search.defaultenginename, Facemoods Search
Prefs.js - browser.search.selectedEngine, Facemoods Search
Prefs.js - browser.startup.homepage, hxxp://www.google.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
AboutUrls|Tabs - hxxp://start.facemoods.com/?a=ironto&f=2
HKCU_URLSearchHooks|{6341761b-babe-406d-b0d6-8d99b81c2ee5} - "Answers.com Toolbar" (C:\Program Files\Answers.com\prxtbAns0.dll)
HKCU_SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - "Search the web (Babylon)" (hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627)
HKCU_SearchScopes\{2D2697B7-C3DF-4A29-9F94-1D328A5820D9} - "Softpedia Scripts" (hxxp://webscripts.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{4B113050-1FB0-4858-9D26-AB962747EF4C} - "Softpedia" (hxxp://www.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "Answers.com Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{CCDF30FA-12A5-4909-816D-1C7B90A29F79} - "Softpedia Games" (hxxp://games.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{D85318CA-1D82-464B-8237-5B442E5B322F} - "Softpedia Drivers" (hxxp://drivers.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{FB06C153-1999-4120-981E-DC6C405F84DA} - "Softpedia News" (hxxp://news.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_Toolbar\WebBrowser|{6341761B-BABE-406D-B0D6-8D99B81C2EE5} (C:\Program Files\Answers.com\prxtbAns0.dll)
HKCU_Toolbar\WebBrowser|{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} (C:\Program Files\ZoneAlarm\tbZon1.dll)
HKLM_Toolbar|{6341761b-babe-406d-b0d6-8d99b81c2ee5} (C:\Program Files\Answers.com\prxtbAns0.dll)
HKLM_Toolbar|{95daa571-4def-4a6d-97d8-98a346672a24} (mscoree.dll) (x)
HKLM_Toolbar|{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} (C:\Program Files\ZoneAlarm\tbZon1.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
HKLM_Toolbar|{6B896ADB-4A82-46e2-858C-13134782CE34} (C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (x)
HKLM_ElevationPolicy\1335b25e-d30f-4051-9262-80eedadf7402 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\33d7dc3b-2ffa-4bf6-94e5-a296b6e39835 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\42afff86-b1f8-4f35-a843-4a0748bc0bbd - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\737ea483-032c-4b75-bb4f-6e35e2d22405 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\aecac859-dc3e-4751-a17d-db1efb197e54 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\bdf07c5c-a917-4e7e-941d-a6a00f854fec - C:\Program Files\ZoneAlarm\ZoneAlarmToolbarHelper.exe (?)
HKLM_ElevationPolicy\{3584B20C-62C0-4FB6-9396-78020B5B7D9B} - C:\Program Files\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{7227D034-D236-4D33-AA20-007A39ADF4D6} - C:\Documents and Settings\Photo\Local Settings\Application Data\Conduit\CT1401021\Answers.comAutoUpdaterHelper.exe (?)
HKLM_ElevationPolicy\{ac9c0f03-79be-4d91-a151-4126b6743a38} - c:\program files\systran\6\SystranTranslationProjectManager.exe (?)
HKLM_ElevationPolicy\{ae97b170-166e-4c51-92c8-5553bdc0fc84} - c:\program files\systran\6\SystranToolbar.exe (SYSTRAN)
HKLM_ElevationPolicy\{C676939D-C86E-4f8f-B1EB-4641F9ACD474} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe (?)
HKLM_ElevationPolicy\{F9EA8322-EC48-44E9-8A6F-4581F655705E} - C:\Program Files\Answers.com\Answers.comToolbarHelper1.exe (?)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (x)
HKLM_Extensions\{C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - "Video Joiner" (C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe,128)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
HKLM_Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - "Translate this web page with Babylon" (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll,202)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files\ConduitEngine\prxConduitEngine.dll)
BHO\{416ae1cb-7257-484a-b912-aebc7fdad4ce} (?)
BHO\{6341761b-babe-406d-b0d6-8d99b81c2ee5} - "Answers.com Toolbar" (C:\Program Files\Answers.com\prxtbAns0.dll)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll)
BHO\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - "ZoneAlarm Toolbar" (C:\Program Files\ZoneAlarm\tbZon1.dll)
BHO\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - "Babylon IE plugin" (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 04/07/2011 22:58:06 (9168 Byte(s))

End at: 22:59:24, 04/07/2011

============== E.O.F ==============

Bruno_K
Posted on 04/07/2011 at 23:41
Astucien

2nd report

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:11:49 on 04/07/2011, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Manager@PANDA ( )

============== ACTION(S) ==============


File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
Folder deleted: C:\Documents and Settings\Manager\Local Settings\Application Data\Conduit
Folder deleted: C:\Program Files\Conduit
Folder deleted: C:\Documents and Settings\Manager\Local Settings\Application Data\ConduitEngine
Folder deleted: C:\Program Files\ConduitEngine
Folder deleted: C:\Documents and Settings\Photo\Application Data\freeTVRadio
Folder deleted: C:\Program Files\freeTVRadio
Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder deleted: C:\Program Files\Viewpoint

(!) -- Temporary files deleted.


Key deleted: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key deleted: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{5A508BDE-B0CB-4C33-9399-9F898771EED8}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5A508BDE-B0CB-4C33-9399-9F898771EED8}
Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key deleted: HKLM\Software\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key deleted: HKLM\Software\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT1401021
Key deleted: HKLM\Software\Classes\Toolbar.CT2611275
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKLM\Software\MetaStream
Key deleted: HKLM\Software\Viewpoint
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\conduitEngine
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3584B20C-62C0-4FB6-9396-78020B5B7D9B}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key deleted: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key deleted: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

HKLM_MozillaPlugins\@checkpoint.com/FFApi (x)
HKLM_MozillaPlugins\@pages.tvunetworks.com/WebPlayer (x)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Documents and Settings\Photo\Application Data\Mozilla\FireFox\Profiles\tf3frknf.default --
Prefs.js - browser.download.lastDir, D:\\Téléchargements
Prefs.js - browser.search.defaultenginename, Facemoods Search
Prefs.js - browser.search.selectedEngine, Facemoods Search
Prefs.js - browser.startup.homepage, hxxp://www.google.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{6341761b-babe-406d-b0d6-8d99b81c2ee5} - "Answers.com Toolbar" (C:\Program Files\Answers.com\prxtbAns0.dll)
HKCU_SearchScopes\{2D2697B7-C3DF-4A29-9F94-1D328A5820D9} - "Softpedia Scripts" (hxxp://webscripts.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{4B113050-1FB0-4858-9D26-AB962747EF4C} - "Softpedia" (hxxp://www.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{CCDF30FA-12A5-4909-816D-1C7B90A29F79} - "Softpedia Games" (hxxp://games.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{D85318CA-1D82-464B-8237-5B442E5B322F} - "Softpedia Drivers" (hxxp://drivers.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_SearchScopes\{FB06C153-1999-4120-981E-DC6C405F84DA} - "Softpedia News" (hxxp://news.softpedia.com/dyn-search.php?search_term={searchTerms})
HKCU_Toolbar\WebBrowser|{6341761B-BABE-406D-B0D6-8D99B81C2EE5} (C:\Program Files\Answers.com\prxtbAns0.dll)
HKCU_Toolbar\WebBrowser|{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} (C:\Program Files\ZoneAlarm\tbZon1.dll)
HKLM_Toolbar|{6341761b-babe-406d-b0d6-8d99b81c2ee5} (C:\Program Files\Answers.com\prxtbAns0.dll)
HKLM_Toolbar|{95daa571-4def-4a6d-97d8-98a346672a24} (mscoree.dll) (x)
HKLM_Toolbar|{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} (C:\Program Files\ZoneAlarm\tbZon1.dll)
HKLM_Toolbar|{6B896ADB-4A82-46e2-858C-13134782CE34} (C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll)
HKLM_Toolbar|{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} (C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll)
HKLM_ElevationPolicy\${ELV_GUID} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (x)
HKLM_ElevationPolicy\1335b25e-d30f-4051-9262-80eedadf7402 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\33d7dc3b-2ffa-4bf6-94e5-a296b6e39835 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\42afff86-b1f8-4f35-a843-4a0748bc0bbd - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\737ea483-032c-4b75-bb4f-6e35e2d22405 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\aecac859-dc3e-4751-a17d-db1efb197e54 - C:\Program Files\Answers.com\Answers.comToolbarHelper.exe (?)
HKLM_ElevationPolicy\bdf07c5c-a917-4e7e-941d-a6a00f854fec - C:\Program Files\ZoneAlarm\ZoneAlarmToolbarHelper.exe (?)
HKLM_ElevationPolicy\{7227D034-D236-4D33-AA20-007A39ADF4D6} - C:\Documents and Settings\Photo\Local Settings\Application Data\Conduit\CT1401021\Answers.comAutoUpdaterHelper.exe (?)
HKLM_ElevationPolicy\{ac9c0f03-79be-4d91-a151-4126b6743a38} - c:\program files\systran\6\SystranTranslationProjectManager.exe (?)
HKLM_ElevationPolicy\{ae97b170-166e-4c51-92c8-5553bdc0fc84} - c:\program files\systran\6\SystranToolbar.exe (SYSTRAN)
HKLM_ElevationPolicy\{C676939D-C86E-4f8f-B1EB-4641F9ACD474} - C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe (?)
HKLM_ElevationPolicy\{F9EA8322-EC48-44E9-8A6F-4581F655705E} - C:\Program Files\Answers.com\Answers.comToolbarHelper1.exe (?)
HKLM_ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (x)
HKLM_Extensions\{C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} - "Video Joiner" (C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe,128)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
HKLM_Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - "Translate this web page with Babylon" (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll,202)
BHO\{416ae1cb-7257-484a-b912-aebc7fdad4ce} (?)
BHO\{6341761b-babe-406d-b0d6-8d99b81c2ee5} - "Answers.com Toolbar" (C:\Program Files\Answers.com\prxtbAns0.dll)
BHO\{64182481-4F71-486b-A045-B233BD0DA8FC} - "CescrtHlpr Object" (C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll)
BHO\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - "ZoneAlarm Toolbar" (C:\Program Files\ZoneAlarm\tbZon1.dll)
BHO\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - "Babylon IE plugin" (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 70 File(s)
C:\Program Files\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 04/07/2011 23:12:02 (7962 Byte(s))
C:\Ad-Report-SCAN[1].txt - 04/07/2011 22:58:06 (10665 Byte(s))

End at: 23:13:29, 04/07/2011

============== E.O.F ==============

Evasion60
Posted on 04/07/2011 at 23:51
Security Group

Re

For now, let's not dramatize.
But the idea that our account might be under the control of malicious people worries me greatly.
All the more so since the presence of a significant infection tips the balance towards an intent to harm.
I hope I have expressed myself clearly enough
What should I do? ===> No idea, with Social Networks it's a jungle!!! Any one of the 400 members is enough to "publish" various links on your "Facebook Wall"

Run AD-Remover again in "cleaning" mode, and post its report / please

Talk to you tomorrow //

Edited => Our messages crossed

Rerun ZHPDiag, and host its report



Edited by Evasion60 on 04/07/2011 23:53
Bruno_K
Posted on 04/07/2011 at 23:56
Astucien
Evasion60 wrote:

Re

.... Any one of the 400 members is enough to "publish" various links on your "Facebook Wall"

What worries me is not that members post on the wall (all the better for the community's liveliness); it is the identity theft: that someone (not necessarily a registered member) posted nonsense on the wall under our identity (the administrators' identity).

Thanks again Evasion60

See you tomorrow

and Good Night



Edited by Bruno_K on 05/07/2011 07:43
Bruno_K
Posted on 05/07/2011 at 07:42
Astucien

Hello Evasion60

Attached file: ZHPDiag.txt



Edited by Bruno_K on 05/07/2011 07:42
Evasion60
Posted on 05/07/2011 at 13:03
Security Group

Hello

... Right, first we are going to try to knock out the RootKit

  • Download TDSSKiller from Kaspersky,
  • Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop,
  • Double-click TDSSKiller.exe to launch it.

  • Click Start scan to start the analysis,
  • When the tool has finished its inspection, if malicious objects ("Malicious objects") have been found, check that the Cure option is selected,
  • If suspicious objects ("Suspicious objects") have been detected, on the confirmation screen, change the action to take and choose Quarantine (instead of Skip),
  • Then click the Continue button,
  • Wait for the report file to be displayed.
  • If the tool needs a restart to finalize the cleanup, click the Reboot computer button.
  • Send in reply: the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Heure_log.txt)
    [SystemDrive is the partition on which the system is installed, usually C:]


Info: http://support.kaspersky.com/fr/faq/?qid=208280685

Awaiting your reply



Edited by Evasion60 on 05/07/2011 13:05
Bruno_K
Posted on 05/07/2011 at 14:13
Astucien

Report:

2011/07/05 14:02:41.0328 6124 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/05 14:02:43.0328 6124 ================================================================================
2011/07/05 14:02:43.0328 6124 SystemInfo:
2011/07/05 14:02:43.0328 6124
2011/07/05 14:02:43.0328 6124 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/05 14:02:43.0328 6124 Product type: Workstation
2011/07/05 14:02:43.0328 6124 ComputerName: PANDA
2011/07/05 14:02:43.0328 6124 UserName: Manager
2011/07/05 14:02:43.0328 6124 Windows directory: C:\WINDOWS
2011/07/05 14:02:43.0328 6124 System windows directory: C:\WINDOWS
2011/07/05 14:02:43.0328 6124 Processor architecture: Intel x86
2011/07/05 14:02:43.0328 6124 Number of processors: 2
2011/07/05 14:02:43.0328 6124 Page size: 0x1000
2011/07/05 14:02:43.0328 6124 Boot type: Normal boot
2011/07/05 14:02:43.0328 6124 ================================================================================
2011/07/05 14:02:46.0281 6124 Initialize success
2011/07/05 14:02:55.0562 1656 ================================================================================
2011/07/05 14:02:55.0562 1656 Scan started
2011/07/05 14:02:55.0562 1656 Mode: Manual;
2011/07/05 14:02:55.0562 1656 ================================================================================
2011/07/05 14:02:57.0281 1656 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/05 14:02:57.0359 1656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/05 14:02:57.0406 1656 ADIHdAudAddService (4e12c97cbfe99be15d7680918f9899ec) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/07/05 14:02:57.0468 1656 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/07/05 14:02:57.0515 1656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/05 14:02:57.0562 1656 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
2011/07/05 14:02:57.0609 1656 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/07/05 14:02:57.0687 1656 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/05 14:02:58.0109 1656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/05 14:02:58.0187 1656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/05 14:02:58.0281 1656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/05 14:02:58.0312 1656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/05 14:02:58.0375 1656 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/05 14:02:58.0406 1656 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/07/05 14:02:58.0437 1656 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/07/05 14:02:58.0515 1656 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/07/05 14:02:58.0609 1656 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/07/05 14:02:58.0750 1656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/05 14:02:58.0812 1656 BootScreen (dcf90c70933881f3e9dee7744b4e5b77) C:\WINDOWS\System32\drivers\vidstub.sys
2011/07/05 14:02:58.0921 1656 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/07/05 14:02:59.0015 1656 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/07/05 14:02:59.0078 1656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/05 14:02:59.0187 1656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/05 14:02:59.0250 1656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/05 14:02:59.0296 1656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/05 14:02:59.0609 1656 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/05 14:02:59.0718 1656 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/05 14:02:59.0875 1656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/05 14:02:59.0968 1656 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/05 14:03:00.0093 1656 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/05 14:03:00.0125 1656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/05 14:03:00.0203 1656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/05 14:03:00.0578 1656 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
2011/07/05 14:03:00.0859 1656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/05 14:03:00.0921 1656 e1express (ed91f1042071a36f54e7c430e130e4cd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/07/05 14:03:00.0968 1656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/05 14:03:01.0015 1656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/05 14:03:01.0031 1656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/05 14:03:01.0062 1656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/05 14:03:01.0125 1656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/05 14:03:01.0156 1656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/05 14:03:01.0234 1656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/05 14:03:01.0296 1656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/05 14:03:01.0359 1656 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2011/07/05 14:03:01.0390 1656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/05 14:03:01.0437 1656 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/05 14:03:01.0546 1656 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2011/07/05 14:03:01.0609 1656 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/05 14:03:01.0687 1656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/05 14:03:02.0234 1656 ialm (42caa789a21014aa809a8ff59b3ccfd9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/05 14:03:02.0562 1656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/05 14:03:02.0687 1656 intelppm (b10739a343fc754d0c34eaa7c5843893) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/05 14:03:02.0687 1656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: b10739a343fc754d0c34eaa7c5843893, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/07/05 14:03:02.0687 1656 intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/05 14:03:02.0734 1656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/05 14:03:02.0796 1656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/05 14:03:02.0843 1656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/05 14:03:02.0906 1656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/05 14:03:02.0968 1656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/05 14:03:03.0000 1656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/05 14:03:03.0046 1656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/05 14:03:03.0093 1656 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/07/05 14:03:03.0250 1656 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/05 14:03:03.0296 1656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/05 14:03:03.0359 1656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/05 14:03:03.0406 1656 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/05 14:03:03.0531 1656 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/07/05 14:03:03.0656 1656 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/07/05 14:03:03.0796 1656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/05 14:03:03.0859 1656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/05 14:03:03.0890 1656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/05 14:03:03.0937 1656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/05 14:03:03.0984 1656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/05 14:03:04.0031 1656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/05 14:03:04.0062 1656 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/05 14:03:04.0140 1656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/05 14:03:04.0171 1656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/05 14:03:04.0281 1656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/05 14:03:04.0468 1656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/05 14:03:04.0578 1656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/05 14:03:04.0718 1656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/05 14:03:04.0765 1656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/05 14:03:04.0781 1656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/05 14:03:04.0796 1656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/05 14:03:04.0828 1656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/05 14:03:04.0859 1656 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/05 14:03:04.0890 1656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/05 14:03:04.0921 1656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/05 14:03:04.0953 1656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/05 14:03:05.0015 1656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/05 14:03:05.0109 1656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/05 14:03:05.0187 1656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/05 14:03:05.0234 1656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/05 14:03:05.0328 1656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/05 14:03:05.0375 1656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/05 14:03:05.0421 1656 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/05 14:03:05.0468 1656 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/05 14:03:05.0562 1656 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/05 14:03:05.0625 1656 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/05 14:03:05.0937 1656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/05 14:03:05.0968 1656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/05 14:03:06.0000 1656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/05 14:03:06.0046 1656 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/05 14:03:06.0140 1656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/05 14:03:06.0187 1656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/05 14:03:06.0218 1656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/05 14:03:06.0234 1656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/05 14:03:06.0265 1656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/05 14:03:06.0296 1656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/05 14:03:06.0359 1656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/05 14:03:06.0390 1656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/05 14:03:06.0453 1656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/05 14:03:06.0562 1656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/05 14:03:06.0625 1656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/05 14:03:06.0687 1656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/05 14:03:06.0937 1656 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/07/05 14:03:07.0046 1656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/05 14:03:07.0109 1656 Spyder3 (1c63fe706ab797bc3c24813ff969b4de) C:\WINDOWS\system32\DRIVERS\Spyder3.sys
2011/07/05 14:03:07.0140 1656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/05 14:03:07.0203 1656 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/05 14:03:07.0328 1656 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/05 14:03:07.0406 1656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/05 14:03:07.0453 1656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/05 14:03:07.0718 1656 SynTP (13e0d1974ce03e88c265a68325cb16de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/05 14:03:07.0781 1656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/05 14:03:07.0843 1656 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/05 14:03:07.0906 1656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/05 14:03:08.0000 1656 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
2011/07/05 14:03:08.0062 1656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/05 14:03:08.0125 1656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/05 14:03:08.0203 1656 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/07/05 14:03:08.0296 1656 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/07/05 14:03:08.0359 1656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/05 14:03:08.0468 1656 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/07/05 14:03:08.0734 1656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/05 14:03:08.0812 1656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/05 14:03:08.0843 1656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/05 14:03:08.0906 1656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/05 14:03:09.0078 1656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/05 14:03:09.0265 1656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/05 14:03:09.0359 1656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/05 14:03:09.0390 1656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/05 14:03:09.0468 1656 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/07/05 14:03:09.0609 1656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/05 14:03:09.0765 1656 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/07/05 14:03:09.0906 1656 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/05 14:03:10.0187 1656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/05 14:03:10.0687 1656 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/05 14:03:10.0812 1656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/05 14:03:11.0171 1656 Boot (0x1200) (e0d30c9c8d297c837ea0d3a9002c1e4f) \Device\Harddisk0\DR0\Partition0
2011/07/05 14:03:11.0203 1656 Boot (0x1200) (15dca291e1522fd76f02a3d4bf79bf7c) \Device\Harddisk0\DR0\Partition1
2011/07/05 14:03:11.0203 1656 ================================================================================
2011/07/05 14:03:11.0203 1656 Scan finished
2011/07/05 14:03:11.0203 1656 ================================================================================
2011/07/05 14:03:11.0218 2528 Detected object count: 1
2011/07/05 14:03:11.0218 2528 Actual detected object count: 1
2011/07/05 14:04:04.0875 2528 intelppm (b10739a343fc754d0c34eaa7c5843893) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/05 14:04:04.0875 2528 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: b10739a343fc754d0c34eaa7c5843893, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/07/05 14:04:07.0843 2528 Backup copy found, using it..
2011/07/05 14:04:08.0062 2528 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured after reboot
2011/07/05 14:04:08.0062 2528 Rootkit.Win32.TDSS.tdl3(intelppm) - User select action: Cure
2011/07/05 14:04:51.0968 4588 Deinitialize success
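
Triage of a TDSSKiller log in the format shown above, as an added example that is not part of the thread or of Kaspersky's tool: it pairs each "Suspicious file (Forged)" line with the driver's scan line and the chosen action, and lists the objects that still need a post-reboot rescan. All function names are assumptions; the sample lines are constructed from the log in this post.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the relevant lines of the TDSSKiller 2.5.x log posted above,
# plus one clean driver line, so the parser can be run offline.
SAMPLE_LOG = r"""
2011/07/05 14:03:02.0687 1656 intelppm (b10739a343fc754d0c34eaa7c5843893) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/05 14:03:02.0687 1656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: b10739a343fc754d0c34eaa7c5843893, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/07/05 14:03:02.0687 1656 intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/05 14:03:02.0734 1656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/05 14:03:11.0218 2528 Detected object count: 1
2011/07/05 14:03:11.0218 2528 Actual detected object count: 1
2011/07/05 14:04:04.0875 2528 intelppm (b10739a343fc754d0c34eaa7c5843893) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/05 14:04:08.0062 2528 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured after reboot
2011/07/05 14:04:08.0062 2528 Rootkit.Win32.TDSS.tdl3(intelppm) - User select action: Cure
2011/07/05 14:04:51.0968 4588 Deinitialize success
"""

# Each line is "<timestamp> <thread id> <message>"; everything useful is in the message.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Normal scan line: "<service> (<md5>) <path>".
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# The rootkit tell-tale: the bytes the kernel really runs hash differently from what a
# normal file read of the same path returns, i.e. disk reads of that driver are filtered.
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9a-fA-F]{32}), Fake md5: (?P<fake>[0-9a-fA-F]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<verdict>\S+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(r"^(?P<path>.+?) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str                       # service name as TDSSKiller reports it
    path: str = ""
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    verdict: Optional[str] = None   # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None    # Cure / Quarantine / Skip
    pending_reboot: bool = False

    @property
    def forged(self) -> bool:
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


def parse_tdsskiller(text: str) -> Dict[str, Finding]:
    """Collect one Finding per flagged service, merging the forged, detected,
    cure and user-action lines that TDSSKiller writes at different times."""
    findings: Dict[str, Finding] = {}
    by_path: Dict[str, str] = {}   # driver path -> service name, from the scan lines
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (d := DRIVER_RE.match(msg)):
            by_path[d.group("path")] = d.group("name")
        elif (f := FORGED_RE.match(msg)):
            name = by_path.get(f.group("path"), f.group("path"))
            fd = findings.setdefault(name, Finding(name=name, path=f.group("path")))
            fd.real_md5, fd.fake_md5 = f.group("real").lower(), f.group("fake").lower()
        elif (dt := DETECTED_RE.match(msg)):
            fd = findings.setdefault(dt.group("name"), Finding(name=dt.group("name")))
            fd.verdict = dt.group("verdict")
        elif (a := ACTION_RE.match(msg)):
            fd = findings.setdefault(a.group("name"), Finding(name=a.group("name")))
            fd.action = a.group("action")
            fd.verdict = fd.verdict or a.group("verdict")
        elif (c := CURE_RE.match(msg)):
            name = by_path.get(c.group("path"))
            if name in findings:
                findings[name].pending_reboot = True
    return findings


def declared_count(text: str) -> Optional[int]:
    """The tool's own 'Detected object count', to cross-check against what was parsed."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and (c := COUNT_RE.match(m.group("msg"))):
            return int(c.group("n"))
    return None


def needs_followup(findings: Dict[str, Finding]) -> List[str]:
    """Objects not verifiably gone yet: no action chosen, or a cure that only takes
    effect at the next boot. Either way a fresh scan after reboot is required."""
    return sorted(n for n, f in findings.items() if f.action is None or f.pending_reboot)


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print(f"declared {declared_count(SAMPLE_LOG)}, parsed {len(found)}")
    for f in found.values():
        print(f"{f.name}: {f.verdict} forged={f.forged} action={f.action} reboot={f.pending_reboot}")
    print("rescan after reboot:", needs_followup(found))
```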

Evasion60
Posted on 05/07/2011 at 14:50
Security Group

Re

... Well played with TDSSKiller
Did the machine reboot properly?

Rerun ZHPDiag, to see whether I really ate that TDL3, and the rest to deal with, because it isn't finished!
Host its report / please

Awaiting your reply

Bruno_K
Posted on 05/07/2011 at 15:18
Astucien

Yes, the machine rebooted properly

Bruno_K
Posted on 05/07/2011 at 15:20
Astucien

Attached file: ZHPDiag1.txt

Evasion60
Posted on 05/07/2011 at 19:03
Security Group

Good evening

Apply this fix =>

Procedure for building a fix:

  • Open Notepad (Start>Programs>Accessories>Notepad),
  • Select and copy these lines. To copy them, press CTRL+C after selecting them. They are presented between quotes like this:

R3 - URLSearchHook: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Program Files\Answers.com\prxtbAns0.dll
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 => Internet Explorer Proxy GET HTTP1.1 Disabled
O2 - BHO: (no name) - {416ae1cb-7257-484a-b912-aebc7fdad4ce} Orphean Key => Orphean Key not necessary
O2 - BHO: Answers.com - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Answers.com\prxtbAns0.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} . (.facemoods.com BHO - No comment.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ZoneAlarm\tbZon1.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O3 - Toolbar: Answers.com Toolbar - {6341761b-babe-406d-b0d6-8d99b81c2ee5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Answers.com\prxtbAns0.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\ZoneAlarm\tbZon1.dll
O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} . (.Xmlbar.com - Xmlbar Toolbar Module.) -- C:\Program Files\Xmlbar\Video Joiner\IEBar\xbietb.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} . (.facemoods.com - No comment.) -- C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe => Acronis®True Image
O4 - HKLM\..\Run: [Babylon Client] . (.Babylon Ltd. - Babylon Information Tool.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe => Infection BT
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe => Safer Net Working®Spybot S&D
O4 - HKUS\S-1-5-21-507921405-725345543-839522115-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe => Safer Net Working®Spybot S&D
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Babylon.lnk . (.Babylon Ltd..) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe => Infection BT
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Moyea Software Gallery.lnk - Orphean Key => Orphean Key not necessary
O8 - Extra context menu item: Answers... - (.not file.) - file:\\C:\Program Files\1-Click Answers\Html\atiemenu.htm => Fichier absent
O8 - Extra context menu item: Translate this web page with Babylon . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O8 - Extra context menu item: Translate with Babylon . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O9 - Extra button: Video Joiner - {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9} . (.Unknown owner - YouTubeDownload Module.) -- C:\Program Files\Xmlbar\Video Joiner\FlvJoiner(xmlbar).exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} . (.Babylon Ltd. - Babylon Internet Explorer Addin.) -- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => Infection BT
O42 - Logiciel: Babylon - (.Babylon.) [HKLM] -- Babylon => Infection BT
O42 - Logiciel: Facemoods Toolbar - (.Unknown owner.) [HKLM] -- facemoods => Toolbar.Facemoods
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Limited Spybot - S&D
[HKCU\Software\Babylon] => Infection BT
[HKLM\Software\facemoods.com] => Toolbar.Facemoods
O43 - CFD: 10/27/2010 - 10:59:52 AM - [47663336] ----D- C:\Program Files\Babylon => Infection BT
O43 - CFD: 6/28/2011 - 12:38:08 AM - [1474498] ----D- C:\Program Files\facemoods.com => Toolbar.Facemoods
O43 - CFD: 1/12/2010 - 10:24:28 PM - [70129265] ----D- C:\Program Files\Spybot - Search & Destroy => Spybot - Search & Destroy
O43 - CFD: 3/10/2011 - 12:03:46 AM - [986710] ----D- C:\Documents and Settings\Manager\Application Data\Babylon => Infection BT
O43 - CFD: 12/19/2010 - 12:58:08 PM - [7291] ----D- C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
O43 - CFD: 12/19/2010 - 12:58:08 PM - [7291] ----D- C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
O44 - LFC:[MD5.5251CA229DF4C3714529FAAB4A54F93C] - 7/4/2011 - 10:13:30 PM ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [10093]
O44 - LFC:[MD5.FF94158A7E01B24F340BA5C35970798C] - 7/4/2011 - 9:59:24 PM ---A- . (...) -- C:\Ad-Report-SCAN[1].txt [10665]
O47 - AAKE:Key Export SP - "C:\Program Files\Bonjour\mDNSResponder.exe" [Enabled] .(.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O47 - AAKE:Key Export SP - "D:\Téléchargements\3gp_converter_setup.exe" [Enabled] .(...) -- D:\Téléchargements\3gp_converter_setup.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "D:\Downloads\utorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- D:\Downloads\utorrent.exe
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.) => Fichier absent
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.) => Fichier absent
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] => Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer] => Infection PUP (Adware.MetaStream))
[HKLM\Software\Classes\esrv.escrtSrvc] => Toolbar.Facemood
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}] => Toolbar.Facemoods
[HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}] => Toolbar.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}] => Toolbar.Facemoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}] => Toolbar.Facemoods
[HKLM\Software\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}] => Toolbar.Facemoods
[HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}] => Toolbar.Facemoods
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] => Infection BT (Adware.AskSBar)
[HKLM\Software\facemoods.com] => Toolbar.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:Babylon Client => Infection BT (Toolbar.Babylon)
C:\Program Files\Babylon => Infection BT
C:\Documents and Settings\Manager\Application Data\Babylon => Infection BT
C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT
C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon => Infection BT

  • Save the file in the C:\Program Files\ZHPDiag folder by choosing File > Save As.... For the file name, enter ZHPDiag.txt. A confirmation prompt appears because you will overwrite the old report. Accept it.
  • Launch ZHPFix by Nicolas Coolman, which is also in the ZHPDiag folder. On XP, double-click ZHPFix; on Vista, right-click the icon and run it as administrator.
  • The program opens. Its report window must contain only the lines you selected above. If it does not match, stop the procedure and let me know.
  • Click OK as shown below:

  • The report lines then appear with checkboxes.
  • Click the "All" button after checking one last time that these lines match those selected above, then click "Clean" like this:

  • This will apply a fix.
  • In the program window, it tells you the script has been carried out.
  • If a restart is requested, do it.
  • Copy and paste the contents of the report located in the ZHPDiag folder, named ZHPFixreport.txt

Bruno_K
 Posted on 05/07/2011 at 19:49
Astucien

At the step: "The program opens. Its report window must contain only the lines you selected above. If it does not match, stop the procedure and let me know."

When the program opens, I see nothing in the report window: empty.



Edited by Bruno_K on 05/07/2011 22:18
Evasion60
 Posted on 06/07/2011 at 11:19
Groupe Sécurité

Hello

Paste my proposed script into the large ZHPFix window
Continue with the help tutorial

@+

Bruno_K
 Posted on 06/07/2011 at 11:41
Astucien

Evasion60,

Out of caution, given the strange situation, I stopped all operations. I await your instructions.

Thanks

PS Our messages crossed



Edited by Bruno_K on 06/07/2011 11:41
Bruno_K
 Posted on 06/07/2011 at 12:42
Astucien

ZHPFix report

Rapport de ZHPFix 1.12.3333 par Nicolas Coolman, Update du 02/07/2011
Fichier d'export Registre :
Run by Manager at 7/6/2011 12:21:21 PM
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Software ==========
NOT FOUND Uninstall Process: c:\program files\babylon\babylon-pro\utils\uninstbb.exe
NOT FOUND Uninstall Process: c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
NOT FOUND Uninstall Process: c:\program files\spybot - search & destroy\unins000.exe

========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon]
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods]
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1]
DELETED Key: CLSID BHO: {416ae1cb-7257-484a-b912-aebc7fdad4ce}
DELETED Key: CLSID BHO: {6341761b-babe-406d-b0d6-8d99b81c2ee5}
DELETED Key: CLSID BHO: {64182481-4F71-486b-A045-B233BD0DA8FC}
DELETED Key: CLSID BHO: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
DELETED Key: CLSID BHO: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
DELETED Key: Menu Contextuel: Answers...
NOT FOUND Key: Menu Contextuel: Translate this web page with Babylon . (.Babylon Ltd.
NOT FOUND Key: Menu Contextuel: Translate with Babylon . (.Babylon Ltd.
DELETED Key: CLSID Extra Buttons: {C7883BD1-C06B-4f9e-BA96-0D8C5DE373D9}
DELETED Key: CLSID Extra Buttons: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}
DELETED Key: HKCU\Software\Babylon
DELETED Key: HKLM\Software\facemoods.com
DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.)
DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\59936265.sys . (...) -- C:\WINDOWS\System32\Drivers\59936265.sys (.not file.)
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
DELETED Key: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
DELETED Key: HKLM\Software\Classes\esrv.escrtSrvc
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETED Key: HKLM\Software\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
DELETED Key: HKLM\Software\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
DELETED Key: HKLM\Software\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
DELETED Key: HKLM\Software\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}
NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}
DELETED Key: HKLM\Software\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
DELETED Key: HKLM\Software\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
DELETED Key: HKLM\Software\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
DELETED Key: HKLM\Software\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
DELETED Key: HKLM\Software\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
DELETED Key: HKLM\Software\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
DELETED Key: HKLM\Software\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
DELETED Key: HKLM\Software\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
DELETED Key: HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
NOT FOUND Key: HKLM\Software\facemoods.com

========== Registry Value ==========
DELETED URLSearchHook: {6341761b-babe-406d-b0d6-8d99b81c2ee5}
DELETED Toolbar: {6341761b-babe-406d-b0d6-8d99b81c2ee5}
DELETED Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
DELETED Toolbar: {6B896ADB-4A82-46e2-858C-13134782CE34}
DELETED Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
DELETED RunValue: TrueImageMonitor.exe
DELETED RunValue: Babylon Client
DELETED RunValue: SpybotSD TeaTimer
NOT FOUND RunValue: SpybotSD TeaTimer
DELETED AAKE KeyValue: C:\Program Files\Bonjour\mDNSResponder.exe
DELETED AAKE KeyValue: D:\Téléchargements\3gp_converter_setup.exe
DELETED AAKE KeyValue: D:\Downloads\utorrent.exe
NOT FOUND [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:Babylon Client

========== Registry Data Items ==========
REMOVED R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
REMOVED R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1

========== Repertory ==========
DELETE on Reboot Folder**: C:\Program Files\Babylon
NOT FOUND C:\Program Files\facemoods.com
DELETE on Reboot Folder**: C:\Program Files\Spybot - Search & Destroy
DELETE on Reboot Folder**: C:\Documents and Settings\Manager\Application Data\Babylon
DELETED Folder*: C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon
NOT FOUND C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon

========== File ==========
DELETED c:\program files\answers.com
NOT FOUND File: c:\program files\answers.com
DELETED c:\program files\facemoods.com
DELETED c:\program files\zonealarm\tbzon1.dll
DELETED c:\program files\babylon\babylon-pro\utils\babyloniepi.dll
NOT FOUND File: c:\program files\zonealarm\tbzon1.dll
DELETED c:\program files\xmlbar\video joiner\iebar\xbietb.dll
NOT FOUND File: c:\program files\facemoods.com
DELETE on Reboot c:\program files\acronis\trueimagehome\trueimagemonitor.exe
DELETED c:\program files\babylon\babylon-pro\babylon.exe
DELETED c:\program files\spybot - search & destroy\teatimer.exe
NOT FOUND File: c:\program files\spybot - search & destroy\teatimer.exe
DELETED c:\documents and settings\all users\desktop\babylon.lnk
NOT FOUND File: c:\program files\babylon\babylon-pro\babylon.exe
DELETED c:\documents and settings\all users\desktop\moyea software gallery.lnk
NOT FOUND File: e:\\c:\program files\1-click answers\html\atiemenu.htm
NOT FOUND File: c:\program files\babylon\babylon-pro\utils\babyloniepi.dll
DELETED c:\program files\xmlbar\video joiner\flvjoiner(xmlbar).exe
DELETED c:\ad-report-clean[1].txt
DELETED c:\ad-report-scan[1].txt
DELETED c:\program files\bonjour\mdnsresponder.exe
NOT FOUND File: d:\téléchargements\3gp_converter_setup.exe
DELETED d:\downloads\utorrent.exe
NOT FOUND File: c:\windows\system32\drivers\59936265.sys
NOT FOUND Folder/File: c:\documents and settings\manager\local settings\application data\babylon


========== Summary ==========
39 : Registry Key
13 : Registry Value
2 : Registry Data Items
6 : Repertory
25 : File
3 : Software


========== Report File ==========
C:\Program Files\ZHPDiag\ZHPFixReport.txt



End of the scan in 23mn AMs

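As an added example (not code from this thread or from ZHPFix), a Python checker for a ZHPFix-style report like the one above: it parses the section headers and per-line statuses, compares each section's entry count with the Summary block, and lists what still needs follow-up after the fix (entries marked DELETE on Reboot, which only take effect after the restart the instructions ask for, and NOT FOUND targets). The sample report is constructed from the format shown in the thread.

```python
import re
from collections import defaultdict
# Constructed sample in the ZHPFix report format seen in the thread (not the real report).
SAMPLE_REPORT = r"""========== Registry Key ==========
DELETED Key: HKCU\Software\Babylon
NOT FOUND Key: HKLM\Software\facemoods.com
========== Repertory ==========
DELETE on Reboot Folder**: C:\Program Files\Babylon
DELETED Folder*: C:\Documents and Settings\Manager\Local Settings\Application Data\Babylon
========== File ==========
DELETED c:\program files\babylon\babylon-pro\babylon.exe
DELETE on Reboot c:\program files\acronis\trueimagehome\trueimagemonitor.exe
NOT FOUND File: c:\windows\system32\drivers\59936265.sys
========== Summary ==========
2 : Registry Key
2 : Repertory
3 : File
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Longest prefix first so "DELETE on Reboot" is not mistaken for a plain deletion.
STATUSES = ("DELETE on Reboot", "NOT FOUND", "DELETED", "REMOVED")


def parse_zhpfix_report(text):
    """Return (entries, summary): section -> [(status, item)], and section -> declared count."""
    entries, summary, section = defaultdict(list), {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1)
        elif section == "Summary":
            count, _, name = line.partition(" : ")
            if count.isdigit():
                summary[name.strip()] = int(count)
        elif section is not None:
            status = next((s for s in STATUSES if line.startswith(s)), "OTHER")
            item = line[len(status):].strip() if status != "OTHER" else line
            entries[section].append((status, item))
    return dict(entries), summary


def check_report(text):
    """Flag count mismatches against the Summary block and list items still needing attention."""
    entries, summary = parse_zhpfix_report(text)
    items = [(st, it) for sec in entries.values() for st, it in sec]
    return {
        "mismatches": {s: (len(entries.get(s, [])), n) for s, n in summary.items()
                       if len(entries.get(s, [])) != n},
        "pending_reboot": [it for st, it in items if st == "DELETE on Reboot"],
        "not_found": [it for st, it in items if st == "NOT FOUND"],
    }
```

Run `check_report` on the pasted ZHPFixReport.txt text: an empty `mismatches` dict means the Summary counts agree with the listed entries, and `pending_reboot` is the list to re-check after the restart.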
Evasion60
 Posted on 06/07/2011 at 16:10
Groupe Sécurité

Re

1/
How is your machine behaving?

2/
And your web page, on Facebook?
Which has nothing to do with the infection => RootKit + Babylon

3/
Run this online scanner for me =>
https://forum.pcastuces.com/eset_online_scanner___tutoriel-f31s56.htm

Post me its report / please

4/
You also need to free up space on your badly saturated hard drive!

Waiting to hear from you

Bruno_K
 Posted on 06/07/2011 at 16:28
Astucien

Hello Evasion60,

Here is the situation

1/
How is your machine behaving?

Since the end of the last operation, the machine has been running very well. Before the last operation was launched, a blue screen occurred a few hours ago. But that was before ZHPFix was launched.

2/
And your web page, on Facebook?
Which has nothing to do with the infection => RootKit + Babylon

No identity theft since the last observation on 4 July. Which does not mean the machine is not under the control of hackers... all the more so since it is used to manage a community (they can be reached through my machine)

Question: what is Babylon, please?

3/
Run this online scanner for me =>
https://forum.pcastuces.com/eset_online_scanner___tutoriel-f31s56.htm

Post me its report / please

I am going to run it

4/
You also need to free up space on your badly saturated hard drive!

I am looking for a portable hard drive to free up space.

Thank you very much



Edited by Bruno_K on 06/07/2011 16:44