Virus adzgalore
Volivolou
Messages postés
284
Statut
Membre
-
chimay8 -
chimay8 -
Bonjour,
A chaque fois que je démarre firefox avast me met un message avast comme quoi un cheval de Troie a été trouvé et je vois le nom adzgalore ce même nom apparait dans des fenêtres de pub s qui s'ouvre dans firefox (ce qui est inhabituelle pour moi). Sur ce 1er message avast je clique sur abandonner la connexion mais un 2eme message avast s'ouvre et me dit qu'un cheval de Troie a été trouvé et il me propose différents choix autre qu'abandonner la connexion et je fait donc supprimer. Mais en vain le message avast apparait à chaque fois.
1er message : [URL=http://imageshack.com/f/03erreur1pj8p][IMG]http://img3.imageshack.us/img3/8527/erreur1pj8.th.png[/IMG][/URL]
2eme message : [URL=https://imageshack.com/][IMG]http://img16.imageshack.us/img16/2432/erreur2ek2.th.png[/IMG][/URL]
voilà, quelqu'un pourrait m'aider à éliminer ce problème, merci d'avance.
A chaque fois que je démarre firefox avast me met un message avast comme quoi un cheval de Troie a été trouvé et je vois le nom adzgalore ce même nom apparait dans des fenêtres de pub s qui s'ouvre dans firefox (ce qui est inhabituelle pour moi). Sur ce 1er message avast je clique sur abandonner la connexion mais un 2eme message avast s'ouvre et me dit qu'un cheval de Troie a été trouvé et il me propose différents choix autre qu'abandonner la connexion et je fait donc supprimer. Mais en vain le message avast apparait à chaque fois.
1er message : [URL=http://imageshack.com/f/03erreur1pj8p][IMG]http://img3.imageshack.us/img3/8527/erreur1pj8.th.png[/IMG][/URL]
2eme message : [URL=https://imageshack.com/][IMG]http://img16.imageshack.us/img16/2432/erreur2ek2.th.png[/IMG][/URL]
voilà, quelqu'un pourrait m'aider à éliminer ce problème, merci d'avance.
Configuration: Windows XP Firefox 3.0.6
25 réponses
- 1
- 2
Suivant
-
Hello
● Télécharge DDS.scr de sUBs sur le bureau.
(!) L'outil ne nécessite pas d'installation.
Lances-le en cliquant sur l'icône dds.scr.
Cette fenêtre DOS va apparaitre : https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg
● Le scan ne doit pas dépasser trois minutes.
● Un premier rapport va s'ouvrir que tu enregistreras sous DDS.txt par défaut sur le bureau.
● Il te sera demandé si tu veux faire le scan optionnel.
Accepte par Oui
● Un nouveau rapport s'ouvre que tu enregistres sous Attach.txt sur le bureau.
Tu ne le fourniras que si nécessaire.
Poste moi le rapport DDS.txt.
++ -
Salut,
merci de ta réponse rapide . Voila le rapport demandé :
DDS (Ver_09-02-01.01) - NTFSx86
Run by Luis at 19:47:03,93 on 19/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.26 [GMT 1:00]
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Luis\Bureau\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adzgalore: {10116804-28fb-26b2-4e73-b9001bdec477} - c:\windows\system32\nsy33.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ISUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [lxbumon.exe] "c:\program files\lexmark 6200 series\lxbumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 6200 series\ezprint.exe"
mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,_RunDLLEntry@16
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album edition découverte\3.0\apps\apdproxy.exe"
StartupFolder: c:\docume~1\luis\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\luis\menudm~1\progra~1\dmarra~1\pin.lnk - c:\hp\bin\CLOAKER.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: canalplay.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://webscanner.kaspersky.fr/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://lewebdeluis.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182437815265
DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://www.inoculer.com/antivirus/Msie/bitdefender.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {3DCD8BE7-7B06-4F7E-8D8D-9413D21A7180} = 80.10.246.130 81.253.149.10
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\fichie~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\luis\applic~1\mozilla\firefox\profiles\ca315kh0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\d15d4f46-2ea2-4c8e-bb2c-5220ce6073e2.dll
FF - component: c:\program files\mozilla firefox\components\nsadzgalore.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\fichiers communs\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-15 28544]
R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [2004-9-28 26240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-26 114768]
R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\adsl autoconnect\ADSL Autoconnect.exe [2007-2-27 446464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-26 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-9 47640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-26 254040]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2008-1-12 7168]
S2 gupdate1c98636a24acf5c;Google Update Service (gupdate1c98636a24acf5c);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 aaudstum;aaudstum;\??\c:\docume~1\luis\locals~1\temp\aaudstum.sys --> c:\docume~1\luis\locals~1\temp\aaudstum.sys [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-26 352920]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-5-29 20608]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-1-24 216232]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\drivers\se57bus.sys [2008-4-18 61536]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\drivers\se57mdfl.sys [2008-4-18 9360]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\drivers\se57mdm.sys [2008-4-18 97088]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se57mgmt.sys [2008-4-18 88624]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);c:\windows\system32\drivers\se57nd5.sys [2008-4-18 18704]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;c:\windows\system32\drivers\se57obex.sys [2008-4-18 86432]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);c:\windows\system32\drivers\se57unic.sys [2008-4-18 90800]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\lecteur canalplay\CanalPlayService.exe [2008-11-7 436096]
S4 Boonty Games;Boonty Games;"c:\program files\fichiers communs\boonty shared\service\boonty.exe" --> c:\program files\fichiers communs\boonty shared\service\Boonty.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-02-15 19:21 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-15 19:21 <DIR> --d----- c:\program files\Panda Security
2009-02-09 18:24 35 a------- c:\windows\A6W.INI
2009-02-09 18:24 <DIR> --d----- c:\windows\A6W_DATA
2009-02-06 17:11 <DIR> --d----- c:\program files\fichiers communs\Yahoo!
2009-02-04 19:35 <DIR> --d----- c:\program files\VirtualDub
2009-02-02 05:15 107,632 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-01 19:05 <DIR> --d----- C:\204ec9823cab4d8a0a
2009-02-01 14:18 <DIR> --d----- c:\program files\AusLogics Disk Defrag
2009-01-26 20:44 <DIR> --d----- c:\program files\JRE
2009-01-26 20:43 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-22 21:33 <DIR> --d----- c:\program files\FMS
2009-01-21 19:53 85,662 a------- c:\windows\system32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
==================== Find3M ====================
2009-02-01 22:13 537,552 a------- c:\windows\system32\perfh00C.dat
2009-02-01 22:13 95,396 a------- c:\windows\system32\perfc00C.dat
2009-01-16 21:15 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-14 08:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 08:14 3,455,488 a------- c:\windows\system32\dllcache\ati2mtag.sys
2009-01-14 06:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-14 05:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-14 05:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-14 05:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-14 05:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-14 05:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-14 05:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-14 05:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-14 05:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-14 05:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-14 05:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-14 05:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-14 05:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-14 04:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-14 04:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-14 04:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-14 04:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-14 04:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-14 04:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-14 04:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-14 03:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-14 03:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-14 03:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-13 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-01-11 09:58 85,219 a------- c:\windows\system32\cont_adzgalore-remove.exe
2008-12-30 21:08 2,308 ac------ c:\docume~1\luis\applic~1\wklnhst.dat
2008-12-27 23:18 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2008-12-20 23:47 826,368 a------- c:\windows\system32\wininet.dll
2008-12-20 23:47 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2008-12-20 23:47 1,160,192 a------- c:\windows\system32\dllcache\urlmon.dll
2008-12-20 23:47 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2008-12-20 23:47 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2008-12-20 23:47 105,984 a------- c:\windows\system32\dllcache\url.dll
2008-12-20 23:47 102,912 a------- c:\windows\system32\dllcache\occache.dll
2008-12-20 23:47 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 23:47 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 23:47 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2008-12-19 10:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 10:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 06:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 06:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-14 18:35 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-14 18:35 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-12-11 11:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-11 01:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 01:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 03:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 03:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 03:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 03:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-12-08 12:53 57,344 a------- c:\windows\system32\ff_vfw.dll
2008-12-07 19:08 795,648 a------- c:\windows\system32\xvidcore.dll
2008-12-07 19:08 130,048 a------- c:\windows\system32\xvidvfw.dll
2008-12-05 00:11 308,584 a------- c:\windows\WLXPGSS.SCR
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-04-14 19:00 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-10-07 21:54 390,023 ac-shr-- c:\program files\wunauclt.zip
2006-10-07 21:54 390,023 ac-shr-- c:\program files\wunauclt.tbe
2006-08-27 16:19 56,239 ac------ c:\program files\svchosts.tbe
2006-12-10 15:38 56 ---shr-- c:\windows\system32\C79846E283.sys
2006-12-10 15:38 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-06-17 11:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008061720080618\index.dat
============= FINISH: 19:49:44,14 =============== -
Re,
De rien.
Tu as 2 antivirus, Avast et Bitdefender, supprime-en un des 2 STP.
Puis en effet, il y a Adzgalore et ses potes qui squattent ton pc ..
/!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\
Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\
Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.
Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur votre PC avant toute suppression de nuisibles.
Elle vous permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.
Suivez les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela vous est demandé, acceptez le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.
(!) Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.
AVANT d'utiliser ComboFix :
→ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
→ Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\
Sur ton bureau double clic sur Combofix.exe.
Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.
/!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\
Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 50 étapes d’analyse).
En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.
Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)
Tutorial ( aide ):
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
++
-
Bon j'ai fait ce que tu m'as dit. Pour bitdefender je l'avais installé puis désinstallé il y a longtemps et il n'est pas dans la liste du désinstallateur windows. Voilà le rapport :
ComboFix 09-02-18.01 - Luis 2009-02-19 20:36:38.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.446.91 [GMT 1:00]
Lancé depuis: c:\documents and settings\Luis\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning disabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Luis\Menu D‚marrer\Programmes\Adzgalore Games Collection
c:\documents and settings\Luis\Menu Démarrer\Programmes\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
c:\documents and settings\Luis\Menu Démarrer\Programmes\Adzgalore Games Collection\Crazy Blocks.lnk
c:\documents and settings\Luis\Menu Démarrer\Programmes\Adzgalore Games Collection\Lines.lnk
c:\documents and settings\Luis\Menu Démarrer\Programmes\Adzgalore Games Collection\The Battles Of Helicopters.lnk
c:\documents and settings\Luis\Menu Démarrer\Programmes\Adzgalore Games Collection\Video Pool.lnk
c:\program files\Mozilla Firefox\components\d15d4f46-2ea2-4c8e-bb2c-5220ce6073e2.dll
c:\program files\Mozilla Firefox\components\nsadzgalore.dll
c:\windows\system32\adzgalore-remove.exe
c:\windows\system32\cont_adzgalore-remove.exe
c:\windows\system32\d3d8caps.dat
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
F:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_ONESTEP_SEARCH_SERVICE
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 19:21 . 2009-02-15 19:21 <REP> d-------- c:\program files\Panda Security
2009-02-15 19:21 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\WINDOWS
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Voisinage r‚seau
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Voisinage d'impression
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\ModŠles
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d---s---- c:\documents and settings\TEMP.VENTURA\Mes documents
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Menu D‚marrer
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d---s---- c:\documents and settings\TEMP.VENTURA\Favoris
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Bureau
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-12 15:03 . 2009-02-12 15:03 1,374 --a------ c:\windows\imsins.BAK
2009-02-09 18:24 . 2009-02-09 18:24 <REP> d-------- c:\windows\A6W_DATA
2009-02-09 18:24 . 2009-02-09 18:24 35 --a------ c:\windows\A6W.INI
2009-02-06 17:11 . 2009-02-06 17:11 <REP> d-------- c:\program files\Fichiers communs\Yahoo!
2009-02-04 19:35 . 2009-02-04 19:35 <REP> d-------- c:\program files\VirtualDub
2009-02-02 05:15 . 2009-02-06 18:05 107,632 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-01 19:05 . 2009-02-01 19:06 <REP> d-------- C:\204ec9823cab4d8a0a
2009-02-01 14:18 . 2009-02-01 14:19 <REP> d-------- c:\program files\AusLogics Disk Defrag
2009-01-26 21:00 . <REP> c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org
2009-01-26 20:44 . 2009-01-26 20:44 <REP> d-------- c:\program files\JRE
2009-01-26 20:43 . 2009-01-26 20:43 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-22 21:33 . 2009-01-22 21:33 <REP> d-------- c:\program files\FMS
2009-01-21 19:53 . 2009-02-13 18:56 85,662 --a------ c:\windows\system32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 09:04 --------- d-----w c:\program files\LogMeIn
2009-02-15 14:47 --------- d-----w c:\program files\DivX
2009-02-14 22:38 --------- d-----w c:\program files\Lx_cats
2009-02-14 22:12 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-13 18:53 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-13 18:52 --------- d-----w c:\documents and settings\Luis\Application Data\SystemRequirementsLab
2009-02-13 16:11 --------- d-----w c:\program files\Google
2009-02-13 13:08 --------- d-----w c:\program files\ATI
2009-02-13 13:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 19:01 43,978 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-02-12 18:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 15:57 --------- d-----w c:\program files\ATI Technologies
2009-02-12 15:46 --------- d-----w c:\program files\BitComet
2009-02-12 15:39 --------- d-----w c:\program files\ma-config.com
2009-02-12 15:39 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-02-12 14:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-07 10:42 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-06 16:11 --------- d-----w c:\program files\Pinnacle
2009-01-31 09:59 --------- d-----w c:\program files\CCleaner
2009-01-23 11:15 --------- d-----w c:\program files\QuickTime
2009-01-23 10:45 --------- d-----w c:\documents and settings\Luis\Application Data\Browzar
2009-01-18 18:56 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-04 10:02 --------- d-----w c:\program files\CamStudio
2008-12-30 22:33 --------- d-----w c:\documents and settings\Luis\Application Data\FileZilla
2008-12-30 20:08 2,308 -c--a-w c:\documents and settings\Luis\Application Data\wklnhst.dat
2008-12-30 13:07 --------- d-----w c:\program files\Good Shot
2008-12-29 22:22 --------- d-----w c:\program files\adslTV
2008-12-29 22:18 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\vlc
2008-12-29 22:07 --------- d-----w c:\program files\PeerTV
2008-12-28 15:48 --------- d-----w c:\program files\Maxis
2008-12-27 22:18 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-12-27 19:06 --------- d-----w c:\program files\MyMPxPlayer.org
2008-12-27 10:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 10:32 --------- d-----w c:\program files\KCM
2008-12-22 16:06 --------- d-----w c:\program files\World of Warcraft
2008-12-22 12:01 --------- d-----w c:\program files\Java
2008-12-20 20:43 --------- d-----w c:\program files\7-Zip
2008-12-20 20:20 --------- d-----w c:\program files\iWizz
2008-12-19 17:30 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-19 16:12 --------- d-----w c:\documents and settings\Luis\Application Data\InstallShield
2008-12-19 16:03 --------- d-----w c:\program files\Realtek AC97
2008-12-19 09:12 --------- d-----w c:\program files\Windows Live
2008-12-19 09:09 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-04-14 18:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-09-27 15:53 0 -c--a-w c:\documents and settings\Marina et Anna\Application Data\wklnhst.dat
2006-10-07 20:54 390,023 -csha-r c:\program files\wunauclt.zip
2006-10-07 20:54 390,023 -csha-r c:\program files\wunauclt.tbe
2006-08-27 15:19 56,239 -c--a-w c:\program files\svchosts.tbe
2007-01-23 12:07 1,847,296 -c--a-w c:\program files\mozilla firefox\plugins\Seadragon.dll
2006-12-10 14:38 56 --sh--r c:\windows\system32\C79846E283.sys
2006-12-10 14:38 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-06-17 10:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008061720080618\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"lxbumon.exe"="c:\program files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 196608]
"EzPrint"="c:\program files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 61440]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 69632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
c:\documents and settings\Luis\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Anna\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
PowerReg Scheduler.exe [2008-08-25 256000]
c:\documents and settings\Marina et Anna\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Luis\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Luis\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 21:23 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Luis^Menu Démarrer^Programmes^Démarrage^Shareaza Turbo Booster.lnk]
path=c:\documents and settings\Luis\Menu Démarrer\Programmes\Démarrage\Shareaza Turbo Booster.lnk
backup=c:\windows\pss\Shareaza Turbo Booster.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Luis^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Luis\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-13 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-07-21 11:05 91440 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 15:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 15:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 14:09 63048 c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2005-02-25 09:02 184320 c:\progra~1\SCROLL~1\MouseElf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 17:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-06 10:16 1410296 c:\program files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMulec\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\stickies\\stickies.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbuPSWX.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Apprentice\\Appr.exe"=
"c:\\Program Files\\Infogrames\\Monopoly\\Monopoly.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Luis\\Bureau\\openarena-0.7.0\\openarena.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\PeerTV\\PeerCast.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus.ex"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:WOW2
"6881:TCP"= 6881:TCP:WOW3
"6999:TCP"= 6999:TCP:WOW4
"14147:TCP"= 14147:TCP:ftp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-15 28544]
R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [2004-09-28 26240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-26 114768]
R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-02-27 446464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-26 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-04-09 47640]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2008-01-12 7168]
S2 gupdate1c98636a24acf5c;Google Update Service (gupdate1c98636a24acf5c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 aaudstum;aaudstum;\??\c:\docume~1\Luis\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Luis\LOCALS~1\Temp\aaudstum.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-05-29 20608]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\drivers\se57bus.sys [2008-04-18 61536]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\drivers\se57mdfl.sys [2008-04-18 9360]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\drivers\se57mdm.sys [2008-04-18 97088]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se57mgmt.sys [2008-04-18 88624]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);c:\windows\system32\drivers\se57nd5.sys [2008-04-18 18704]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;c:\windows\system32\drivers\se57obex.sys [2008-04-18 86432]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);c:\windows\system32\drivers\se57unic.sys [2008-04-18 90800]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2008-11-07 436096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab72c0b4-44ee-11dd-8993-0013d3f59f00}]
\Shell\AutoRun\command - M:\start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Tâches planifiées'
2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:35]
2009-02-13 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []
2009-02-14 c:\windows\Tasks\Nettoyage de disque.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 03:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{10116804-28fb-26b2-4e73-b9001bdec477} - c:\windows\system32\nsy33.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-CanalPlayerHelper - c:\program files\Lecteur CANALPLAY\CanalPlayerHelper.exe
MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe
MSConfigStartUp-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-System Files Updater - c:\windows\FlyakiteOSX\Tools\System Files Updater.exe
MSConfigStartUp-WOOKIT - c:\progra~1\Wanadoo\GestMaj.exe
MSConfigStartUp-WOOTASKBARICON - c:\progra~1\Wanadoo\GestMaj.exe
MSConfigStartUp-WOOWATCH - c:\progra~1\Wanadoo\Watch.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: canalplay.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
FF - ProfilePath - c:\documents and settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
---- PARAMETRES FIREFOX ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:58:16
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ea,72,9d,b2,fb,
9b,ef,d8,c8,28,51,af,b0,29,a3,98,ad,18,c3,3f,9b,89,e1,55,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,b8,5b,87,7e,fa,
d1,fd,b7,71,3b,04,66,8b,46,0d,96,09,a8,d6,0a,28,84,f7,13,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,41,56,20,38,94,
8c,4a,04,25,da,ec,7e,55,20,c9,26,07,cd,35,c3,13,7e,ca,db,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b0,12,14,fc,86,
64,9b,b9,3e,1e,9e,e0,57,5a,93,61,03,25,a8,1d,92,86,fb,7e,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,2b,26,15,ad,d5,
5b,95,51,cd,44,cd,b9,a6,33,6c,cd,37,bb,53,11,f3,03,bb,12,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,30,7b,57,ad,64,
10,8f,c7,b0,18,ed,a7,3f,8d,37,a4,dd,d1,6a,e4,ee,15,cf,71,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,36,d9,be,76,fa,
f6,11,bd,31,77,e1,ba,b1,f8,68,02,c4,a0,8b,97,f8,12,16,2e,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4b,f6,eb,89,98,
81,29,6b,83,6c,56,8b,a0,85,96,ab,0c,e2,6e,93,e1,71,77,48,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f4,7b,3c,24,e8,
7e,03,43,51,fa,6e,91,28,9e,14,cc,01,ff,b8,d0,a7,a9,bc,a1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d1,aa,f6,4c,39,
06,3a,b1,b1,cd,45,5a,a8,c4,f8,b9,f0,0f,f3,45,df,23,87,07,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,7b,3b,e2,ca,8b,
1f,cb,e4,e3,0e,66,d5,eb,bc,2f,6b,97,18,7f,51,0e,09,87,71,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,03,2e,ba,54,00,
b7,b1,85,fa,ea,66,7f,d4,3b,6b,70,ea,23,2a,44,11,82,98,4f,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\searchindexer.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\lxbucoms.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2009-02-19 21:09:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-19 20:08:15
Avant-CF: 13ÿ883ÿ535ÿ360 octets libres
AprÞs-CF: 15,400,738,816 octets libres
506 --- E O F --- 2009-02-13 12:30:06 -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Re,
Ah d'accord, et bien je t'apprend que Bitdefender est toujours en activité sur ton pc ..
/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\
Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )
File::
c:\windows\system32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
c:\program files\wunauclt.tbe
c:\program files\wunauclt.zip
c:\program files\svchosts.tbe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"=""
DirLook::
C:\204ec9823cab4d8a0a
c:\documents and settings\TEMP.VENTURA
FileLook::
M:\start.exe
Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
++ -
Up ;)
-
Voila le rapport :
ComboFix 09-02-18.01 - Luis 2009-02-19 21:50:32.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.446.52 [GMT 1:00]
Lancé depuis: c:\documents and settings\Luis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Luis\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning disabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
* Un nouveau point de restauration a été créé
FILE ::
c:\program files\svchosts.tbe
c:\program files\wunauclt.tbe
c:\program files\wunauclt.zip
c:\windows\system32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\svchosts.tbe
c:\program files\wunauclt.tbe
c:\program files\wunauclt.zip
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-19 au 2009-02-19 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 19:21 . 2009-02-15 19:21 <REP> d-------- c:\program files\Panda Security
2009-02-15 19:21 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\WINDOWS
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Voisinage r‚seau
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Voisinage d'impression
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\ModŠles
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d---s---- c:\documents and settings\TEMP.VENTURA\Mes documents
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Menu D‚marrer
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d---s---- c:\documents and settings\TEMP.VENTURA\Favoris
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA\Bureau
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\TEMP.VENTURA
2009-02-12 19:23 . 2009-02-12 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-12 15:03 . 2009-02-12 15:03 1,374 --a------ c:\windows\imsins.BAK
2009-02-09 18:24 . 2009-02-09 18:24 <REP> d-------- c:\windows\A6W_DATA
2009-02-09 18:24 . 2009-02-09 18:24 35 --a------ c:\windows\A6W.INI
2009-02-06 17:11 . 2009-02-06 17:11 <REP> d-------- c:\program files\Fichiers communs\Yahoo!
2009-02-04 19:35 . 2009-02-04 19:35 <REP> d-------- c:\program files\VirtualDub
2009-02-02 05:15 . 2009-02-06 18:05 107,632 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-01 19:05 . 2009-02-01 19:06 <REP> d-------- C:\204ec9823cab4d8a0a
2009-02-01 14:18 . 2009-02-01 14:19 <REP> d-------- c:\program files\AusLogics Disk Defrag
2009-01-26 21:00 . <REP> c:\documents and settings\HP_Propriétaire\Application Data\OpenOffice.org
2009-01-26 20:44 . 2009-01-26 20:44 <REP> d-------- c:\program files\JRE
2009-01-26 20:43 . 2009-01-26 20:43 <REP> d-------- c:\program files\OpenOffice.org 3
2009-01-22 21:33 . 2009-01-22 21:33 <REP> d-------- c:\program files\FMS
2009-01-21 19:53 . 2009-02-13 18:56 85,662 --a------ c:\windows\system32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 09:04 --------- d-----w c:\program files\LogMeIn
2009-02-15 14:47 --------- d-----w c:\program files\DivX
2009-02-14 22:38 --------- d-----w c:\program files\Lx_cats
2009-02-14 22:12 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-13 18:53 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-13 18:52 --------- d-----w c:\documents and settings\Luis\Application Data\SystemRequirementsLab
2009-02-13 16:11 --------- d-----w c:\program files\Google
2009-02-13 13:08 --------- d-----w c:\program files\ATI
2009-02-13 13:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 19:01 43,978 ----a-w c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2009-02-12 18:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 15:57 --------- d-----w c:\program files\ATI Technologies
2009-02-12 15:46 --------- d-----w c:\program files\BitComet
2009-02-12 15:39 --------- d-----w c:\program files\ma-config.com
2009-02-12 15:39 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-02-12 14:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-07 10:42 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-06 16:11 --------- d-----w c:\program files\Pinnacle
2009-01-31 09:59 --------- d-----w c:\program files\CCleaner
2009-01-23 11:15 --------- d-----w c:\program files\QuickTime
2009-01-23 10:45 --------- d-----w c:\documents and settings\Luis\Application Data\Browzar
2009-01-18 18:56 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-04 10:02 --------- d-----w c:\program files\CamStudio
2008-12-30 22:33 --------- d-----w c:\documents and settings\Luis\Application Data\FileZilla
2008-12-30 20:08 2,308 -c--a-w c:\documents and settings\Luis\Application Data\wklnhst.dat
2008-12-30 13:07 --------- d-----w c:\program files\Good Shot
2008-12-29 22:22 --------- d-----w c:\program files\adslTV
2008-12-29 22:18 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\vlc
2008-12-29 22:07 --------- d-----w c:\program files\PeerTV
2008-12-28 15:48 --------- d-----w c:\program files\Maxis
2008-12-27 22:18 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-12-27 19:06 --------- d-----w c:\program files\MyMPxPlayer.org
2008-12-27 10:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 10:32 --------- d-----w c:\program files\KCM
2008-12-22 16:06 --------- d-----w c:\program files\World of Warcraft
2008-12-22 12:01 --------- d-----w c:\program files\Java
2008-12-20 20:43 --------- d-----w c:\program files\7-Zip
2008-12-20 20:20 --------- d-----w c:\program files\iWizz
2008-12-19 17:30 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-19 16:12 --------- d-----w c:\documents and settings\Luis\Application Data\InstallShield
2008-12-19 16:03 --------- d-----w c:\program files\Realtek AC97
2008-12-19 09:12 --------- d-----w c:\program files\Windows Live
2008-12-19 09:09 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-04-14 18:00 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-09-27 15:53 0 -c--a-w c:\documents and settings\Marina et Anna\Application Data\wklnhst.dat
2007-01-23 12:07 1,847,296 -c--a-w c:\program files\mozilla firefox\plugins\Seadragon.dll
2006-12-10 14:38 56 --sh--r c:\windows\system32\C79846E283.sys
2006-12-10 14:38 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-06-17 10:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008061720080618\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
M:\start.exe -- Invalid filepath or file no longer exist
---- Directory of C:\204ec9823cab4d8a0a ----
2008-07-06 17:36 2936832 --------- c:\204ec9823cab4d8a0a\amd64\xpssvcs.dll
2008-07-06 13:06 89088 --------- c:\204ec9823cab4d8a0a\i386\filterpipelineprintproc.dll
2008-07-06 13:06 765440 --------- c:\204ec9823cab4d8a0a\i386\mxdwdrv.dll
2008-07-06 13:06 748032 --------- c:\204ec9823cab4d8a0a\amd64\mxdwdrv.dll
2008-07-06 13:06 1676288 --------- c:\204ec9823cab4d8a0a\i386\xpssvcs.dll
2008-07-06 13:06 147456 --------- c:\204ec9823cab4d8a0a\amd64\filterpipelineprintproc.dll
2008-07-06 13:06 10929 --------- c:\204ec9823cab4d8a0a\i386\msxpsdrv.cat
2008-07-06 13:06 10929 --------- c:\204ec9823cab4d8a0a\amd64\msxpsdrv.cat
2008-06-19 11:03 73 --------- c:\204ec9823cab4d8a0a\i386\msxpsinc.gpd
2008-06-19 11:03 73 --------- c:\204ec9823cab4d8a0a\amd64\msxpsinc.gpd
2008-06-19 06:33 72 --------- c:\204ec9823cab4d8a0a\i386\msxpsinc.ppd
2008-06-19 06:33 72 --------- c:\204ec9823cab4d8a0a\amd64\msxpsinc.ppd
2008-06-19 06:33 2204 --------- c:\204ec9823cab4d8a0a\i386\msxpsdrv.inf
2008-06-19 06:33 2204 --------- c:\204ec9823cab4d8a0a\amd64\msxpsdrv.inf
---- Directory of c:\documents and settings\TEMP.VENTURA ----
2009-02-12 19:21 67 ---hs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\desktop.ini
2009-02-12 19:21 67 ---hs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Temporary Internet Files\Content.IE5\WRG3Q1KL\desktop.ini
2009-02-12 19:21 67 ---hs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Temporary Internet Files\Content.IE5\UNE1YHST\desktop.ini
2009-02-12 19:21 67 ---hs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\desktop.ini
2009-02-12 19:19 283 --ahs---- c:\documents and settings\TEMP.VENTURA\Mes documents\Ma musique\Desktop.ini
2009-02-12 19:19 282 --ahs---- c:\documents and settings\TEMP.VENTURA\Mes documents\Mes images\Desktop.ini
2009-02-12 19:19 177 --ahs---- c:\documents and settings\TEMP.VENTURA\Mes documents\desktop.ini
2009-02-12 19:19 150 --ahs---- c:\documents and settings\TEMP.VENTURA\Recent\Desktop.ini
2009-02-12 19:19 122 --ahs---- c:\documents and settings\TEMP.VENTURA\Favoris\Desktop.ini
2009-02-12 19:19 107 ---hs---- c:\documents and settings\TEMP.VENTURA\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
2008-09-09 19:58 67 --ahs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Temporary Internet Files\desktop.ini
2008-09-09 19:58 67 --ahs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
2006-01-03 02:47 184 ---hs---- c:\documents and settings\TEMP.VENTURA\ntuser.ini
2006-01-03 02:39 62 --ahs---- c:\documents and settings\TEMP.VENTURA\Local Settings\desktop.ini
2006-01-03 02:31 1858 --a------ c:\documents and settings\TEMP.VENTURA\Favoris\eBay.lnk
2006-01-03 02:22 1795 --a------ c:\documents and settings\TEMP.VENTURA\Mes documents\Mes images\Samples.lnk
2006-01-03 02:22 1795 --a------ c:\documents and settings\TEMP.VENTURA\Mes documents\Ma musique\Samples.lnk
2006-01-03 02:13 980 --a------ c:\documents and settings\TEMP.VENTURA\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
2006-01-03 01:52 11775488 --a------ c:\documents and settings\TEMP.VENTURA\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi
2006-01-03 01:51 56320 --a------ c:\documents and settings\TEMP.VENTURA\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\1036.MST
2006-01-03 01:48 3434 --a------ c:\documents and settings\TEMP.VENTURA\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
2006-01-03 01:48 1633 --a------ c:\documents and settings\TEMP.VENTURA\Local Settings\Application Data\ApplicationHistory\SL42.tmp.fdcd3327.ini
2004-11-23 23:13 62 --ahs---- c:\documents and settings\TEMP.VENTURA\Application Data\desktop.ini
2004-11-23 22:25 113 --ahs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Historique\desktop.ini
2004-11-23 22:25 0 --a------ c:\documents and settings\TEMP.VENTURA\SendTo\Mes documents.mydocs
2004-11-23 22:22 113 --ahs---- c:\documents and settings\TEMP.VENTURA\Local Settings\Historique\History.IE5\desktop.ini
2004-11-23 22:20 172 --ahs---- c:\documents and settings\TEMP.VENTURA\SendTo\desktop.ini
2004-11-23 22:20 0 --a------ c:\documents and settings\TEMP.VENTURA\SendTo\Destinataire.MAPIMail
c:\documents and settings\TEMP.VENTURA\SendTo\Dossier compressé.ZFSendToTarget
c:\documents and settings\TEMP.VENTURA\SendTo\Bureau (créer un raccourci).DeskLink
c:\documents and settings\TEMP.VENTURA\Modèles\amipro.sam
c:\documents and settings\TEMP.VENTURA\Mes documents\Mes vidéos\Samples.lnk
c:\documents and settings\TEMP.VENTURA\Mes documents\Mes vidéos\Desktop.ini
c:\documents and settings\TEMP.VENTURA\Mes documents\Mes images\Échantillons d'images.lnk
c:\documents and settings\TEMP.VENTURA\Mes documents\Ma musique\Échantillons de musique.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Windows Media Player.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Services en ligne\Services Internet.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Services en ligne\Connexion Facile à Internet.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Outlook Express.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Multi-channel Sound Manager.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Démarrage\Pin.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Démarrage\desktop.ini
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\desktop.ini
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Assistance à distance.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Visite guidée de Windows XP.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Synchroniser.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Invite de commandes.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Explorateur Windows.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Divertissement\RealPlayer.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Divertissement\desktop.ini
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\desktop.ini
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Carnet d'adresses.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Bloc-notes.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Assistant Compatibilité des programmes.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Accessibilité\Loupe.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Accessibilité\Gestionnaire d'utilitaires.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Accessibilité\desktop.ini
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\Programmes\Accessoires\Accessibilité\Clavier visuel.lnk
c:\documents and settings\TEMP.VENTURA\Menu Démarrer\desktop.ini
c:\documents and settings\TEMP.VENTURA\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"lxbumon.exe"="c:\program files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 196608]
"EzPrint"="c:\program files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 61440]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 69632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
c:\documents and settings\Luis\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "c:\combofix\lnkread.vbs".
L'ex‚cution du script a pris fin.
c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Anna\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
PowerReg Scheduler.exe [2008-08-25 256000]
c:\documents and settings\Marina et Anna\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Luis\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
c:\documents and settings\Luis\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-01-03 27136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 21:23 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ZDWLan Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Luis^Menu Démarrer^Programmes^Démarrage^Shareaza Turbo Booster.lnk]
path=c:\documents and settings\Luis\Menu Démarrer\Programmes\Démarrage\Shareaza Turbo Booster.lnk
backup=c:\windows\pss\Shareaza Turbo Booster.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Luis^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Luis\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-13 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-07-21 11:05 91440 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 15:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 15:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-08-03 14:09 63048 c:\program files\LogMeIn\x86\LogMeInSystray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mouseElf]
--a------ 2005-02-25 09:02 184320 c:\progra~1\SCROLL~1\MouseElf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 17:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-06 10:16 1410296 c:\program files\Steam\Steam.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMulec\\emule.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
"c:\\Program Files\\stickies\\stickies.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbuPSWX.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Apprentice\\Appr.exe"=
"c:\\Program Files\\Infogrames\\Monopoly\\Monopoly.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Luis\\Bureau\\openarena-0.7.0\\openarena.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\PeerTV\\PeerCast.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\System\\splintercell3.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus.ex"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3724:TCP"= 3724:TCP:WOW
"6112:TCP"= 6112:TCP:WOW2
"6881:TCP"= 6881:TCP:WOW3
"6999:TCP"= 6999:TCP:WOW4
"14147:TCP"= 14147:TCP:ftp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-15 28544]
R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [2004-09-28 26240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-26 114768]
R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\ADSL Autoconnect\ADSL Autoconnect.exe [2007-02-27 446464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-26 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-08-03 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-04-09 47640]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2008-01-12 7168]
S2 gupdate1c98636a24acf5c;Google Update Service (gupdate1c98636a24acf5c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 aaudstum;aaudstum;\??\c:\docume~1\Luis\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Luis\LOCALS~1\Temp\aaudstum.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-05-29 20608]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\drivers\se57bus.sys [2008-04-18 61536]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\drivers\se57mdfl.sys [2008-04-18 9360]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\drivers\se57mdm.sys [2008-04-18 97088]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se57mgmt.sys [2008-04-18 88624]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);c:\windows\system32\drivers\se57nd5.sys [2008-04-18 18704]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;c:\windows\system32\drivers\se57obex.sys [2008-04-18 86432]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);c:\windows\system32\drivers\se57unic.sys [2008-04-18 90800]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2008-11-07 436096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab72c0b4-44ee-11dd-8993-0013d3f59f00}]
\Shell\AutoRun\command - M:\start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserRemove
.
Contenu du dossier 'Tâches planifiées'
2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:35]
2009-02-13 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe []
2009-02-14 c:\windows\Tasks\Nettoyage de disque.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 03:33]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: canalplay.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
TCP: {3DCD8BE7-7B06-4F7E-8D8D-9413D21A7180} = 81.253.149.9 80.10.246.132
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
FF - ProfilePath - c:\documents and settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
---- PARAMETRES FIREFOX ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www3.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www3.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 21:56:05
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ea,72,9d,b2,fb,
9b,ef,d8,c8,28,51,af,b0,29,a3,98,ad,18,c3,3f,9b,89,e1,55,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,b8,5b,87,7e,fa,
d1,fd,b7,71,3b,04,66,8b,46,0d,96,09,a8,d6,0a,28,84,f7,13,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,41,56,20,38,94,
8c,4a,04,25,da,ec,7e,55,20,c9,26,07,cd,35,c3,13,7e,ca,db,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b0,12,14,fc,86,
64,9b,b9,3e,1e,9e,e0,57,5a,93,61,03,25,a8,1d,92,86,fb,7e,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,2b,26,15,ad,d5,
5b,95,51,cd,44,cd,b9,a6,33,6c,cd,37,bb,53,11,f3,03,bb,12,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,30,7b,57,ad,64,
10,8f,c7,b0,18,ed,a7,3f,8d,37,a4,dd,d1,6a,e4,ee,15,cf,71,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,36,d9,be,76,fa,
f6,11,bd,31,77,e1,ba,b1,f8,68,02,c4,a0,8b,97,f8,12,16,2e,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4b,f6,eb,89,98,
81,29,6b,83,6c,56,8b,a0,85,96,ab,0c,e2,6e,93,e1,71,77,48,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f4,7b,3c,24,e8,
7e,03,43,51,fa,6e,91,28,9e,14,cc,01,ff,b8,d0,a7,a9,bc,a1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,d1,aa,f6,4c,39,
06,3a,b1,b1,cd,45,5a,a8,c4,f8,b9,f0,0f,f3,45,df,23,87,07,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,7b,3b,e2,ca,8b,
1f,cb,e4,e3,0e,66,d5,eb,bc,2f,6b,97,18,7f,51,0e,09,87,71,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,03,2e,ba,54,00,
b7,b1,85,fa,ea,66,7f,d4,3b,6b,70,ea,23,2a,44,11,82,98,4f,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*]
@DACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Heure de fin: 2009-02-19 22:06:24
ComboFix-quarantined-files.txt 2009-02-19 21:05:01
ComboFix2.txt 2009-02-19 20:09:41
Avant-CF: 16ÿ506ÿ793ÿ984 octets libres
AprÞs-CF: 16,490,848,256 octets libres
530 --- E O F --- 2009-02-13 12:30:06 -
Re,
c:\windows\system32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
N'est pas parti, et ne partira pas. J'ai déjà eu ce cas, même avec un logiciel puissant de suppression (The Avenger pour la petite info), ça ne passera pas.
Ce que tu vas faire, c'est réinstaller Mozilla FireFox, okay ?
Une fois ceci fait, fait cela :Pour désinstaller complètement BitDefender 8 suivez l'une des procédures ci-dessous : Procédure automatique : - Allez dans le "Panneau de Configurations de Windows" puis dans "Ajout/Suppression de Programmes", ensuite sélectionnez BitDefender et cliquez sur "Supprimer". - Redémarrez votre ordinateur. - Téléchargez puis éxécutez le fichier disponible ici (BD-89-Uninstall.exe : ftp://ftp.editions-profil.eu/support/bitdefender8/BD-89-Uninstall.exe ) et précisez le répertoire d'installation (exemple: le bureau ou mes documents). - Lancez alors le fichier "Desinstall_All_BD8-9.bat" se trouvant dans le répertoire que vous avez indiqué. - Redémarrez votre ordintateur.
Tiré de : http://www.editions-profil.fr/support/BD8.aspx
*******************************************
● Télécharge et installe MalwareByte's Anti-Malware :http://www.malwarebytes.org/mbam/program/mbam-setup.exe
● Mets le à jour
● Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
● Sélectionne Exécuter un examen RAPIDE si ce n'est pas déjà fait
● clique sur Rechercher
● Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
● Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
● Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
● Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Tutorial : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
++ -
ton lien pour le désinstalleur de bitdefender ne fonctionne pas.
Je fais le reste toute façon . -
Voila le rapport. Par contre c'est le premier que j'ai fait et aprés j'avais oubliés de supprimer la sélection, j'ai refait le scan qui à d'ailleurs aboutit au même résultat et j'ai eu un rapport mais le logiciel voulait que je redémarre et je n'ai donc pas pu enregistrer ce dernier rapport (qui je pense est le même que le suivant).
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1782
Windows 5.1.2600 Service Pack 3
20/02/2009 22:58:16 Volivolou
mbam-log-2009-02-20 (22-58-15).txt
Type de recherche: Examen rapide
Eléments examinés: 99655
Temps écoulé: 7 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken.
C:\Program Files\eoRezo (Rogue.Eorezo) -> No action taken. -
-
Hello
Désolé pour le retard ..
Télécharges AD-Remover sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
++ -
Salut,
Désolé pour le retard de ma réponse :
------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------
Updated by C_XX on 25/02/2009 at 20:30
Start at: 18:56:17 | Sam 28/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: VENTURA
Current User: Luis - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: NTFS)
- G:\ (File System: NTFS)
- Z:\ (File System: FAT)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 52
+-----------------| Boonty/Boonty Games Elements Found:
.
HKCR\boontybox
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
.
+-----------------| Eorezo Elements Found:
HKCR\EoRezoBHO.EoBho
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\EoRezo
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
.
C:\Program Files\EoRezo
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\searchplugins\lost.xml
C:\Documents and Settings\HP_Propri‚taire\Application Data\Eorezo
+-----------------| Infected Poker Softwares Elements Found:
.
+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
+-----------------| Other Adwares Found:
.
HKCR\CLSID\{C0056E1E-2B79-4B4A-AF60-AEEDA51AF822}
HKCR\Interface\{44D78D61-8C97-401C-ADC6-7FCF0A7366B5}
HKCR\Interface\{C0056E1E-2B79-4B4A-AF60-AEEDA51AF822}
HKCR\TypeLib\{12CE6895-E925-4498-9537-302FC7B02A35}
HKLM\Software\Classes\CLSID\{C0056E1E-2B79-4B4A-AF60-AEEDA51AF822}
HKLM\Software\Classes\Interface\{44D78D61-8C97-401C-ADC6-7FCF0A7366B5}
HKLM\Software\Classes\Interface\{C0056E1E-2B79-4B4A-AF60-AEEDA51AF822}
HKLM\Software\Classes\TypeLib\{12CE6895-E925-4498-9537-302FC7B02A35}
HKLM\Software\Trymedia Systems
.
C:\Program Files\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\searchplugins\Yoog Search.xml
C:\WINDOWS\System32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.6 ----
ProfilePath: ca315kh0.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yoog Search"
Prefs.js: Browser.Search.SelectedEngine: "Yoog Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www3.yoog.com/search.php?q="
.
(Prefs.js) FOUND: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) FOUND: user_pref("browser.search.defaulturl", "http://www3.yoog.com/search.php?q=");
(Prefs.js) FOUND: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) FOUND: user_pref("keyword.URL", "http://www3.yoog.com/search.php?q=");
.
.
.
User.js: Browser.Search.DefaultEngineName: "Yoog Search"
User.js: Browser.Search.SelectedEngine: "Yoog Search"
User.js: Browser.Search.DefaultUrl: "hxxp://www3.yoog.com/search.php?q="
.
(User.js) FOUND: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) FOUND: user_pref("keyword.URL", "http://www3.yoog.com/search.php?q=");
(User.js) FOUND: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) FOUND: user_pref("browser.search.defaulturl", "http://www3.yoog.com/search.php?q=");
---- Internet Explorer Version 7.0.5730.11 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-792680728-2042039511-3378621247-1011\..\Internet Explorer\Main]
Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
[~4700 Bytes] - C:\Ad-Report-Scan-28.02.2009.log
- C:\Program Files\Ad-remover\TOOLS\BACKUP
- C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 19:00:10 | 28/02/2009
.
+-----------------| E.O.F - 99 Lines
. -
Hello
Relance "Ad-remover" en faisant un clic-droit sur le raccourci et en cliquant sur "Exécuter en temps qu'administrateur", et choisis l'option "B" au menu principal
Coche à l'écran de sélection :
Suppression boonty/Boontygames
Suppression Eorezo
Suppression Autres adwares
Puis choisis "S" , le programme va travailler,
Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )
Je repasse plus tard
++ -
Voilà le rapport, au fait je suis en administrateur je n'ai pas eu à démarrer le programme en administrateur :
------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------
Updated by C_XX on 25/02/2009 at 20:30
*** LIMITED TO ***
Boonty/BoontyGames
Eorezo
Other Adwares
******************
Start at: 20:01:14 | Mar 03/03/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: VENTURA
Current User: Luis - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: NTFS)
- G:\ (File System: NTFS)
- Z:\ (File System: FAT)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 52
(!) ---- IE start pages/Tabs reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
HKCR\boontybox
HKLM\Software\Boonty
.
+-----------------| Eorezo Elements Deleted :
HKCR\EoRezoBHO.EoBho
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\EoRezo
.
C:\Program Files\EoRezo
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\searchplugins\lost.xml
C:\Documents and Settings\HP_Propri‚taire\Application Data\Eorezo
+-----------------| Other Adwares Deleted:
.
HKCR\CLSID\{C0056E1E-2B79-4B4A-AF60-AEEDA51AF822}
HKCR\Interface\{44D78D61-8C97-401C-ADC6-7FCF0A7366B5}
HKCR\Interface\{C0056E1E-2B79-4B4A-AF60-AEEDA51AF822}
HKCR\TypeLib\{12CE6895-E925-4498-9537-302FC7B02A35}
HKLM\Software\Trymedia Systems
.
C:\Program Files\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\searchplugins\Yoog Search.xml
C:\WINDOWS\System32\6319f6dc-9da2-f664-0413-15fe293d40a5.exe
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------| Added Scan :
---- Mozilla FireFox Version 3.0.6 ----
ProfilePath: ca315kh0.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yoog Search"
Prefs.js: Browser.Search.SelectedEngine: "Yoog Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www3.yoog.com/search.php?q="
.
(Prefs.js) REMOVED: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) REMOVED: user_pref("browser.search.defaulturl", "http://www3.yoog.com/search.php?q=");
(Prefs.js) REMOVED: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) REMOVED: user_pref("keyword.URL", "http://www3.yoog.com/search.php?q=");
.
.
.
User.js: Browser.Search.DefaultEngineName: "Yoog Search"
User.js: Browser.Search.SelectedEngine: "Yoog Search"
User.js: Browser.Search.DefaultUrl: "hxxp://www3.yoog.com/search.php?q="
.
(User.js) REMOVED: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) REMOVED: user_pref("keyword.URL", "http://www3.yoog.com/search.php?q=");
(User.js) REMOVED: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) REMOVED: user_pref("browser.search.defaulturl", "http://www3.yoog.com/search.php?q=");
---- Internet Explorer Version 7.0.5730.11 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-792680728-2042039511-3378621247-1011\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
[~4608 Bytes] - C:\Ad-Report-Clean-03.03.2009.log
[~4921 Bytes] - C:\Ad-Report-Scan-28.02.2009.log
- C:\Program Files\Ad-remover\TOOLS\BACKUP
- C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 20:06:19 | 03/03/2009
.
+-----------------| E.O.F - 94 Lines
. -
-
Hello
encore un peu de patiente, demain je te donnerais les dernières manip et l'on finira ;)
A demain
++ -
-
-
voila le rapport (désolé pour le retard) :
DDS (Ver_09-02-01.01) - NTFSx86
Run by Luis at 20:12:25,21 on 13/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.446.93 [GMT 1:00]
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090312-0] *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Luis\Bureau\dds.scr
============== Pseudo HJT Report ===============
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {10116804-28fb-26b2-4e73-b9001bdec477} - No File
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ISUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [lxbumon.exe] "c:\program files\lexmark 6200 series\lxbumon.exe"
mRun: [EzPrint] "c:\program files\lexmark 6200 series\ezprint.exe"
mRun: [LXBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBUtime.dll,_RunDLLEntry@16
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album edition découverte\3.0\apps\apdproxy.exe"
StartupFolder: c:\docume~1\luis\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\luis\menudm~1\progra~1\dmarra~1\pin.lnk - c:\hp\bin\CLOAKER.EXE
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: canalplay.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://webscanner.kaspersky.fr/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://lewebdeluis.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182437815265
DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - hxxp://www.inoculer.com/antivirus/Msie/bitdefender.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {3DCD8BE7-7B06-4F7E-8D8D-9413D21A7180} = 81.253.149.9 80.10.246.132
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\fichie~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\luis\applic~1\mozilla\firefox\profiles\ca315kh0.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\fichiers communs\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: keyword.enabled - true
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-15 28544]
R0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [2004-9-28 26240]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-26 114768]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-2-27 425080]
R2 ADSLAutoconnect;ADSLAutoconnect;c:\program files\adsl autoconnect\ADSL Autoconnect.exe [2007-2-27 446464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-26 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-26 138680]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-9 47640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-26 254040]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2008-1-12 7168]
S2 gupdate1c98636a24acf5c;Google Update Service (gupdate1c98636a24acf5c);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
S3 aaudstum;aaudstum;\??\c:\docume~1\luis\locals~1\temp\aaudstum.sys --> c:\docume~1\luis\locals~1\temp\aaudstum.sys [?]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-26 352920]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-5-29 20608]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-1-24 216232]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);c:\windows\system32\drivers\se57bus.sys [2008-4-18 61536]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;c:\windows\system32\drivers\se57mdfl.sys [2008-4-18 9360]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;c:\windows\system32\drivers\se57mdm.sys [2008-4-18 97088]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se57mgmt.sys [2008-4-18 88624]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);c:\windows\system32\drivers\se57nd5.sys [2008-4-18 18704]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;c:\windows\system32\drivers\se57obex.sys [2008-4-18 86432]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);c:\windows\system32\drivers\se57unic.sys [2008-4-18 90800]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\lecteur canalplay\CanalPlayService.exe [2008-11-7 436096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-03-09 18:27 <DIR> --d----- c:\program files\NetMeter
2009-03-01 18:54 <DIR> --d----- c:\program files\Wandering IPs
2009-02-28 18:54 <DIR> --d----- c:\program files\Ad-remover
2009-02-25 13:51 1,089,883 -------- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 17:28 <DIR> --d----- c:\docume~1\luis\applic~1\Dev-Cpp
2009-02-24 17:28 <DIR> --d----- C:\Dev-Cpp
2009-02-20 22:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-20 22:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 22:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 20:34 161,792 a------- c:\windows\SWREG.exe
2009-02-19 20:34 98,816 a------- c:\windows\sed.exe
2009-02-15 19:21 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-15 19:21 <DIR> --d----- c:\program files\Panda Security
==================== Find3M ====================
2009-02-09 15:05 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-09 15:05 1,846,912 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 19:39 308,600 a------- c:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 18:05 107,632 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-01 22:13 537,552 a------- c:\windows\system32\perfh00C.dat
2009-02-01 22:13 95,396 a------- c:\windows\system32\perfc00C.dat
2009-01-16 21:15 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-14 08:14 3,455,488 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 08:14 3,455,488 a------- c:\windows\system32\dllcache\ati2mtag.sys
2009-01-14 06:46 11,591,680 a------- c:\windows\system32\atioglxx.dll
2009-01-14 05:53 286,720 a------- c:\windows\system32\atiok3x2.dll
2009-01-14 05:49 425,984 a------- c:\windows\system32\ATIDEMGX.dll
2009-01-14 05:47 323,584 a------- c:\windows\system32\ati2dvag.dll
2009-01-14 05:36 196,608 a------- c:\windows\system32\atipdlxx.dll
2009-01-14 05:36 151,552 a------- c:\windows\system32\Oemdspif.dll
2009-01-14 05:36 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-01-14 05:35 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-01-14 05:35 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-01-14 05:34 598,016 a------- c:\windows\system32\ati2evxx.exe
2009-01-14 05:32 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-01-14 05:22 4,009,152 a------- c:\windows\system32\ati3duag.dll
2009-01-14 05:05 2,500,224 a------- c:\windows\system32\ativvaxx.dll
2009-01-14 04:50 48,640 a------- c:\windows\system32\amdpcom32.dll
2009-01-14 04:45 401,408 a------- c:\windows\system32\atikvmag.dll
2009-01-14 04:44 110,592 a------- c:\windows\system32\atiadlxx.dll
2009-01-14 04:44 17,408 a------- c:\windows\system32\atitvo32.dll
2009-01-14 04:43 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-01-14 04:37 307,200 a------- c:\windows\system32\atiiiexx.dll
2009-01-14 04:37 577,536 a------- c:\windows\system32\ati2cqag.dll
2009-01-14 03:36 45,056 a------- c:\windows\system32\amdcalrt.dll
2009-01-14 03:36 45,056 a------- c:\windows\system32\amdcalcl.dll
2009-01-14 03:34 3,227,648 a------- c:\windows\system32\Amdcaldd.dll
2009-01-13 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2008-12-30 21:08 2,308 ac------ c:\docume~1\luis\applic~1\wklnhst.dat
2008-12-20 23:47 826,368 a------- c:\windows\system32\wininet.dll
2008-12-20 23:47 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2008-12-20 23:47 1,160,192 a------- c:\windows\system32\dllcache\urlmon.dll
2008-12-20 23:47 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2008-12-20 23:47 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2008-12-20 23:47 105,984 a------- c:\windows\system32\dllcache\url.dll
2008-12-20 23:47 102,912 a------- c:\windows\system32\dllcache\occache.dll
2008-12-20 23:47 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2008-12-20 23:47 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2008-12-20 23:47 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2008-12-19 10:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 10:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 06:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 06:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-14 18:35 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-14 18:35 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-04-14 19:00 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-12-10 15:38 56 ---shr-- c:\windows\system32\C79846E283.sys
2006-12-10 15:38 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-06-17 11:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008061720080618\index.dat
============= FINISH: 20:14:01,20 ===============
- 1
- 2
Suivant
