Winfile.jpg and winjpg.jpg?

Closed
paysan - 20 April 2009 at 23:06
lmesta - 24 Sept. 2009 at 14:28
Hello,
Every time I want to reset my old PC ("IBM Aptiva, AMD K6 498 MHz, 128 RAM, Windows XP") or close an application using the red cross at the top ... it tells me that it could not find c:\windows\system32\winjpg.jpg
1) What is the role of these two scripts?
2) How can I repair them?
Note that my PC was infected by two viruses: *Trojan-gen and *VBS:AutoRun-P [Wrm], and that winfile.jpg is in quarantine but winjpg.jpg does not exist.

6 replies

Neotri Posts 3 Registration date Thursday 28 May 2009 Status Member Last activity 28 May 2009 3
28 May 2009 at 17:32
Thanks a lot to everyone, because I had the same problem too and now everything is fine. Thanks.
3
salwa5 Posts 7452 Registration date Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 625
22 April 2009 at 19:12
The virus has modified the registry. You now need to repair the registry with this program.

Download ComboFix and run it

http://download.bleepingcomputer.com/sUBs/combofix.exe (by sUBs) to your Desktop

Double-click combofix.exe.

Press the Y (Yes) key to start the scan.

When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

(preferably disable your antivirus, because it prevents the tool from working properly)

See you later
2
titus_merlus
23 April 2009 at 14:21
The link doesn't work!!!
0
Hi salwa
Thank you infinitely for your help
You are very kind and I will be really very grateful to you
Here is the report that ComboFix gave me.

ComboFix 09-04-23.A3 - Administrateur 23/04/2009 21:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.20.1036.18.127.33 [GMT 2:00]
Running from: c:\program files\combofix\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 19:07 . 2009-04-06 21:50 -------- d-----w c:\program files\Easy For You
2009-04-09 11:48 . 2009-04-08 20:10 0 ----a-w C:\fftoutput.txt
2009-04-09 08:08 . 2001-08-24 16:00 72126 ----a-w c:\windows\system32\perfc00C.dat
2009-04-09 08:08 . 2001-08-24 16:00 460986 ----a-w c:\windows\system32\perfh00C.dat
2009-03-27 16:10 . 2009-03-27 15:33 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-27 15:37 . 2009-03-27 15:37 -------- d-----w c:\program files\microsoft frontpage
2009-03-27 15:31 . 2009-03-27 15:31 -------- d-----w c:\program files\Services en ligne
2009-03-27 15:25 . 2009-03-27 15:25 21892 ----a-w c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2009-03-13 22:18 165616 ----a-w c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2009-03-13 908528]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2009-03-13 908528]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-03 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-12 270336]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\skype\\Phone\\Skype.exe"=

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-11 210216]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 es1969;Pilote audio ESS Solo (WDM);c:\windows\system32\drivers\es1969.sys [2001-08-17 72192]
S3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\DRIVERS\slnt.sys [2003-11-20 18004]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02d33850-2b0f-11de-9775-00e020c42d14}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25484c72-1e2c-11de-970f-00e020c42d14}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25484c95-1e2c-11de-970f-00e020c42d14}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c8e6db-2c3d-11de-977b-00e020c42d14}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\netoyeur PC\Glary Utilities\initialize.exe [2009-03-29 07:49]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-regdiit - c:\windows\system32\win.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: http\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\[u]0/ux00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\FICHIE~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 21:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1812)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\calc.exe
.
**************************************************************************
.
Completion time: 2009-04-23 21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 19:50

Pre-Run: 2 933 633 024 octets libres
Post-Run: 3 541 315 584 octets libres

465
0
Abdel Jelil Dah
10 May 2009 at 00:53
Hello,

Thank you very much,
Thank you very much,
Thank you very much,
Thank you very much,
Thank you very much,
Thank you very much,
Thank you very much,
0
ComboFix 09-09-23.02 - mustapha 24/09/2009 13:11.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.383.187 [GMT 1:00]
Lancé depuis: c:\documents and settings\mustapha\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\mustapha\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\mustapha\Application Data\addons.dat
c:\documents and settings\mustapha\Cookies\mustapha@managerzone.bbgames[2].txt
c:\program files\bifrost
c:\program files\bifrost\logg.dat
C:\test.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-24 au 2009-09-24 ))))))))))))))))))))))))))))))))))))
.

2009-09-24 11:15 . 2009-09-24 11:15 -------- d-----w- c:\documents and settings\mustapha\Application Data\Leadertech
2009-09-17 11:48 . 2009-09-17 11:48 -------- d-----w- c:\windows\Downloaded Installations
2009-09-17 09:37 . 2009-09-17 09:37 -------- d-----w- c:\program files\CDROM
2009-09-14 19:26 . 2009-09-14 19:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 19:25 . 2009-09-23 09:19 -------- d-----w- c:\documents and settings\mustapha\Application Data\skypePM
2009-09-14 17:57 . 2009-09-23 09:27 -------- d-----w- c:\documents and settings\mustapha\Application Data\Skype
2009-09-14 17:57 . 2009-09-14 17:57 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-09-14 17:57 . 2009-09-14 17:57 -------- d-----r- c:\program files\Skype
2009-09-14 17:57 . 2009-09-14 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-04 21:01 . 2009-09-17 11:50 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-04 20:57 . 2009-09-22 08:27 -------- d-----w- c:\documents and settings\mustapha\Local Settings\Application Data\Adobe
2009-09-03 01:59 . 2004-08-04 04:54 221184 ----a-w- c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 11:39 . 2009-07-11 08:33 -------- d-----w- c:\documents and settings\mustapha\Application Data\Orbit
2009-09-21 16:26 . 2009-07-09 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-19 12:39 . 2009-07-09 11:57 69544 ----a-w- c:\documents and settings\mustapha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 08:28 . 2009-07-11 08:33 -------- d-----w- c:\program files\Orbitdownloader
2009-09-16 18:16 . 2009-07-11 17:07 -------- d-----w- c:\documents and settings\mustapha\Application Data\EoRezo
2009-09-14 13:05 . 2009-08-21 23:19 0 ----a-w- c:\documents and settings\mustapha\errorlog.tmp
2009-09-01 14:08 . 2009-08-17 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-21 23:15 . 2009-08-21 23:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-21 23:15 . 2009-08-21 23:15 -------- d-----w- c:\program files\Java
2009-08-17 16:10 . 2009-07-09 14:11 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-07-09 14:11 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-07-09 14:11 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-07-09 14:11 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-09 14:11 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-07-09 14:11 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-09 14:11 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-07-09 14:11 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-07-09 14:11 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 09:26 . 2009-07-10 15:51 -------- d-----w- c:\program files\Google
2009-08-16 23:34 . 2009-08-16 23:34 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-08-15 23:24 . 2009-08-15 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-15 21:44 . 2009-08-15 21:44 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-14 22:32 . 2009-08-14 15:53 -------- d-----w- c:\program files\vcmm
2009-08-13 15:56 . 2009-08-13 15:56 -------- d-----w- c:\program files\GTA4MODS.com
2009-08-12 19:32 . 2009-08-12 19:32 131 ----a-w- c:\documents and settings\mustapha\Local Settings\Application Data\fusioncache.dat
2009-08-12 19:24 . 2002-09-07 00:00 70216 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-12 19:24 . 2002-09-07 00:00 504540 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-10 10:59 . 2009-08-10 10:59 -------- d-----w- c:\program files\Fichiers communs\xing shared
2009-08-10 10:59 . 2009-07-10 15:55 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-08 17:34 . 2009-07-31 13:01 -------- d-----w- c:\documents and settings\mustapha\Application Data\U3
2009-07-09 09:04 . 2009-07-09 09:04 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-10 39408]
"Google Update"="c:\documents and settings\mustapha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"c:\program files\CDROM\CDROM.exe"="c:\program files\CDROM\CDROM.exe" [2007-06-13 828928]
"d:\logiciel\super.exe"="d:\logiciel\super.exe" [2007-06-13 828928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SoftwareHelper"="c:\documents and settings\mustapha\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-08-10 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-7-11 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/07/2009 15:11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/07/2009 15:11 20560]
S2 gupdate1ca1f1cc18d6cc0;Service Google Update (gupdate1ca1f1cc18d6cc0);c:\program files\Google\Update\GoogleUpdate.exe [17/08/2009 10:26 133104]
.
Contenu du dossier 'Tâches planifiées'

2009-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-10 09:18]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 09:25]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-17 09:25]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1935655697-1957994488-1003Core.job
- c:\documents and settings\mustapha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 22:28]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1935655697-1957994488-1003UA.job
- c:\documents and settings\mustapha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 22:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://y.lo.st
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.cherche.us/keyword/%s
uSearchMigratedDefaultURL = hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: chat-land.org
TCP: {6DB68334-3E1E-487A-BE34-6A7CDC3AF982} = 41.221.20.4 213.140.2.12
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-EoEngine - (no file)
HKLM-Run-EoSudoku - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 13:16
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-09-24 13:18
ComboFix-quarantined-files.txt 2009-09-24 12:18

Avant-CF: 5 885 886 464 octets libres
Après-CF: 6 470 508 544 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

158
2
salwa5 Posts 7452 Registration date Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 625
24 April 2009 at 00:01
Normally the tool has properly repaired the registry. Are you still getting the same error message?
1

salwa5 Posts 7452 Registration date Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 625
23 April 2009 at 15:42
Try one of these links:

--> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--> https://forospyware.com
--> http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
24 April 2009 at 00:02
Hello,

There are still things left to do.

--> Download UsbFix (by C_XX & Chiquitine29) to your Desktop.

--> Run the installation with the default settings.

--> Connect your external storage devices to your PC (USB stick, external hard drive, SD card, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Search).

--> Let the tool work.

--> Post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
0