Virus problem detected at every startup (2) - Page 3
Solved
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, accept the End-User License Agreement to install the Microsoft Windows Recovery Console.
On XP
https://support.microsoft.com/en-us/help/310994
I have a small problem; it was already doing this before this scan, and it prevents me from renaming a folder, making it unusable if renamed! Here is the exact message: "If you change a file name extension, the file may become unusable."
What should I do to be able to rename?
Here is the report:
ComboFix 09-05-20.A0 - utilisateur 21/05/2009 9:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.444 [GMT 2:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - system32: deleted 0 bytes in 1 streams.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\utilisateur\Application Data\02000000fc34b8f2598C.manifest
c:\documents and settings\utilisateur\Application Data\02000000fc34b8f2598O.manifest
c:\documents and settings\utilisateur\Application Data\02000000fc34b8f2598P.manifest
c:\documents and settings\utilisateur\Application Data\02000000fc34b8f2598S.manifest
c:\documents and settings\utilisateur\Application Data\ShoppingReport
c:\documents and settings\utilisateur\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\utilisateur\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\utilisateur\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\utilisateur\Local Settings\Application Data\cowss.dat
c:\documents and settings\utilisateur\Local Settings\Application Data\cowss.exe
c:\documents and settings\utilisateur\Local Settings\Application Data\cowss_nav.dat
c:\documents and settings\utilisateur\Local Settings\Application Data\cowss_navps.dat
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\GnuHashes.ini
c:\windows\system32\acovcnt.exe
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemService32
c:\windows\system32\SystemService32\141.crack.zip
c:\windows\system32\SystemService32\141.crack.zip.kwd
c:\windows\system32\SystemService32\142.keygen.zip
c:\windows\system32\SystemService32\142.keygen.zip.kwd
c:\windows\system32\SystemService32\143.serial.zip
c:\windows\system32\SystemService32\143.serial.zip.kwd
c:\windows\system32\SystemService32\144.setup.zip
c:\windows\system32\SystemService32\144.setup.zip.kwd
c:\windows\system32\SystemService32\145.music.au
c:\windows\system32\SystemService32\145.music.au.kwd
c:\windows\system32\SystemService32\146.music1.mp3
c:\windows\system32\SystemService32\146.music1.mp3.kwd
c:\windows\system32\SystemService32\147.music2.mp3
c:\windows\system32\SystemService32\147.music2.mp3.kwd
c:\windows\system32\SystemService32\148.music.snd
c:\windows\system32\SystemService32\148.music.snd.kwd
c:\windows\system32\wztmscs.dll
c:\windows\ylgbzt.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-21 au 2009-05-21 ))))))))))))))))))))))))))))))))))))
.
2009-05-21 06:21 . 2009-05-21 06:22 -------- dc----w C:\rsit
2009-05-21 06:16 . 2009-05-21 06:16 -------- dc----w c:\windows\LastGood
2009-05-20 21:08 . 2009-05-20 21:09 -------- dc----w c:\program files\QuickTime
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\All Users\Application Data\Games-Attack
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Dealio
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Search Settings
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\program files\Search Settings
2009-05-20 19:55 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Dealio(2)
2009-05-20 19:42 . 2009-05-20 21:08 -------- dc----w C:\ToolBar SD
2009-05-20 18:46 . 2009-05-20 21:08 -------- dc----w c:\program files\Navilog1
2009-05-20 17:29 . 2009-05-21 06:21 -------- dc----w c:\program files\trend micro
2009-05-17 14:46 . 2009-05-17 14:46 -------- dc----w c:\documents and settings\utilisateur\Application Data\InstallShield
2009-05-16 18:31 . 2009-05-20 14:20 -------- dc----w c:\documents and settings\utilisateur\Application Data\Clickteam
2009-05-15 21:18 . 2009-05-15 21:18 615 -c--a-w c:\windows\system32\10OEfMAmo5Sw86r.vbs
2009-05-15 21:17 . 2009-05-15 21:17 615 -c--a-w c:\windows\system32\pX2D2tl.vbs
2009-05-15 21:17 . 2009-05-15 21:17 615 -c--a-w c:\windows\system32\VpkUt.vbs
2009-05-15 21:16 . 2009-05-15 21:16 615 -c--a-w c:\windows\system32\av8SE.vbs
2009-05-15 20:53 . 2009-05-15 20:53 59526 -c--a-w c:\windows\system32\pmgthqhvzo.dll-uninst.exe
2009-05-15 20:53 . 2009-05-15 20:53 85660 -c--a-w c:\windows\system32\195be703-5f42-3c36-cdc4-4d8fe18c3746.exe
2009-05-15 19:46 . 2009-05-15 21:19 -------- dc----w c:\documents and settings\utilisateur\Application Data\LimeWire
2009-05-15 19:45 . 2009-05-15 19:46 -------- dc----w c:\program files\LimeWire
2009-05-15 17:53 . 2009-05-15 17:53 -------- dc----w c:\documents and settings\utilisateur\Application Data\Ulead Systems
2009-05-15 17:50 . 2007-03-27 17:56 210456 -c--a-w c:\windows\system32\IVIresizeW7.dll
2009-05-15 17:50 . 2007-03-27 17:56 194072 -c--a-w c:\windows\system32\IVIresizePX.dll
2009-05-15 17:50 . 2007-03-27 17:56 198168 -c--a-w c:\windows\system32\IVIresizeM6.dll
2009-05-15 17:50 . 2007-03-27 17:56 198168 -c--a-w c:\windows\system32\IVIresizeP6.dll
2009-05-15 17:50 . 2007-03-27 17:56 206360 -c--a-w c:\windows\system32\IVIresizeA6.dll
2009-05-15 17:50 . 2007-03-27 17:56 26136 -c--a-w c:\windows\system32\IVIresize.dll
2009-05-15 17:48 . 2009-05-15 18:01 -------- dc----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-05-15 17:39 . 2009-05-15 17:39 -------- dc----w c:\program files\Fichiers communs\InterVideo
2009-05-15 17:38 . 2009-05-15 17:38 -------- dc----w c:\program files\Windows Media Components
2009-05-15 16:49 . 2009-05-15 16:59 -------- dc----w c:\program files\SoftChris
2009-05-15 16:11 . 2009-05-15 16:11 -------- dc----w c:\documents and settings\utilisateur\Application Data\Netscape
2009-05-15 16:11 . 2009-05-15 16:11 -------- dc----w c:\program files\Photodex
2009-05-15 16:10 . 2009-05-15 16:10 -------- dc----w c:\documents and settings\utilisateur\Application Data\Photodex
2009-05-14 15:50 . 2009-05-14 15:50 -------- dc----w c:\documents and settings\utilisateur\Local Settings\Application Data\HP
2009-05-14 15:18 . 2009-05-14 15:18 572928 -c--a-w c:\windows\system32\pmgthqhvzo.dll
2009-05-07 16:34 . 2009-05-07 16:34 -------- dc----w c:\documents and settings\utilisateur\Application Data\Sony Corporation
2009-05-07 16:29 . 2009-05-07 16:29 -------- dc----w c:\windows\Logs
2009-05-07 16:23 . 2009-05-07 16:23 -------- dc----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-29 20:12 . 2009-04-29 20:12 -------- dc----w c:\documents and settings\utilisateur\Application Data\Inkscape
2009-04-29 14:09 . 2009-04-29 14:09 684544 -c--a-w c:\windows\system32\nso1BC.dll
2009-04-28 14:16 . 2009-04-28 14:30 -------- dc----w c:\program files\Pinnacle
2009-04-28 14:14 . 2009-04-28 14:14 -------- dc----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-04-28 14:13 . 2009-04-28 14:13 -------- dc----w c:\documents and settings\utilisateur\Local Settings\Application Data\Downloaded Installations
2009-04-25 17:02 . 2009-04-25 17:02 -------- dc----w c:\program files\iPod
2009-04-25 17:02 . 2009-04-25 17:03 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 17:02 . 2009-04-25 17:03 -------- dc----w c:\program files\iTunes
2009-04-25 16:32 . 2009-04-25 16:32 -------- dc-h--w c:\windows\PIF
2009-04-25 09:30 . 2009-05-20 20:35 -------- dc----w c:\documents and settings\utilisateur\Application Data\HPAppData
2009-04-25 09:29 . 2008-04-16 04:05 16496 -c--a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-25 09:29 . 2008-04-16 04:05 49920 -c--a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-25 09:29 . 2008-04-16 04:05 21568 -c--a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-25 09:28 . 2008-04-13 17:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-25 09:28 . 2008-04-13 17:45 15104 -c--a-w c:\windows\system32\drivers\usbscan.sys
2009-04-25 09:26 . 2009-04-25 09:26 -------- dc----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-25 09:24 . 2009-04-25 09:27 -------- dc----w c:\documents and settings\utilisateur\Application Data\HP
2009-04-25 09:15 . 2008-06-06 18:49 118272 -c--a-w c:\windows\system32\hpz3l692.dll
2009-04-25 09:15 . 2008-04-16 04:05 271704 -c--a-r c:\windows\system32\hpzids01.dll
2009-04-25 09:14 . 2008-04-16 04:05 309760 -c--a-r c:\windows\system32\difxapi.dll
2009-04-25 09:14 . 2008-04-16 04:05 372736 -c--a-r c:\windows\system32\hppldcoi.dll
2009-04-25 09:14 . 2008-02-28 10:08 303104 -c--a-r c:\windows\system32\hposc_p01a.dll
2009-04-25 09:14 . 2008-04-16 04:05 974848 -c--a-r c:\windows\system32\hpost_p01a.dll
2009-04-25 09:14 . 2008-04-16 04:05 729088 -c--a-r c:\windows\system32\hposwia_p01a.dll
2009-04-25 09:14 . 2001-08-23 15:20 6912 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-04-25 09:14 . 2001-08-23 15:20 6912 -c--a-w c:\windows\system32\drivers\serscan.sys
2009-04-25 09:01 . 2009-04-25 09:03 -------- dc----w c:\documents and settings\All Users\Application Data\HP
2009-04-25 09:01 . 2009-04-25 09:01 -------- dc----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-25 09:01 . 2009-04-25 09:01 -------- dc----w c:\program files\Hewlett-Packard
2009-04-25 09:00 . 2009-04-25 09:00 -------- dc----w c:\program files\Fichiers communs\HP
2009-04-25 08:55 . 2009-04-25 09:39 188511 -c--a-w c:\windows\hpoins30.dat
2009-04-25 08:55 . 2008-06-18 06:22 844 -c----w c:\windows\hpomdl30.dat
2009-04-25 08:35 . 2009-04-25 08:35 -------- dc----w c:\program files\Fichiers communs\Hewlett-Packard
2009-04-25 08:33 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-25 08:33 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\drivers\usbprint.sys
2009-04-25 08:31 . 2009-04-26 19:48 -------- dc----w c:\program files\HP
2009-04-24 17:40 . 2009-04-24 17:40 -------- dc----w c:\program files\IVCsoft
2009-04-24 17:31 . 2009-04-24 17:31 -------- dc----w c:\program files\FLV Player
2009-04-23 13:04 . 2008-04-14 02:33 221184 -c--a-w c:\windows\system32\wmpns.dll
2009-04-23 12:14 . 2009-04-23 12:15 -------- dc----w c:\documents and settings\utilisateur\dwhelper
2009-04-23 11:23 . 2009-04-23 11:23 -------- dc----w c:\program files\Dealio Toolbar
2009-04-23 11:23 . 2005-02-24 10:51 348160 -c--a-w c:\windows\system32\WMAFile.dll
2009-04-23 11:23 . 2005-02-24 11:11 1212416 -c--a-w c:\windows\system32\AudioInfos.dll
2009-04-23 11:23 . 2005-03-11 16:37 1986560 -c--a-w c:\windows\system32\AudFile.dll
2009-04-23 11:23 . 1998-07-12 20:00 15360 -c--a-w c:\windows\system32\inetfr.DLL
2009-04-23 11:23 . 2003-01-26 10:41 40960 -c--a-w c:\windows\system32\SSubTmr6.dll
2009-04-23 11:23 . 1999-03-25 16:00 101888 -c--a-w c:\windows\system32\VB6STKIT.DLL
2009-04-23 11:23 . 1998-07-12 20:00 141312 -c--a-w c:\windows\system32\MSCMCFR.DLL
2009-04-23 11:22 . 1998-07-12 16:00 32768 -c--a-w c:\windows\system32\CMDLGFR.DLL
2009-04-23 11:22 . 2003-04-18 13:29 44544 -c--a-w c:\windows\system32\msxml4a.dll
2009-04-23 11:22 . 2009-05-04 16:26 -------- dc----w c:\program files\Free Easy Burner
2009-04-23 11:03 . 2009-04-23 11:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\DeepBurner
2009-04-23 11:02 . 2009-05-04 16:27 -------- dc----w c:\program files\Astonsoft
2009-04-23 07:08 . 2009-04-23 07:11 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 14:25 . 2007-05-31 12:27 -------- dc----w c:\program files\Google
2009-05-20 14:25 . 2009-03-18 20:58 -------- dc----w c:\program files\Buzoot
2009-05-20 14:23 . 2008-02-07 18:25 -------- dc----w c:\program files\Fichiers communs\Apple
2009-05-20 14:22 . 2007-05-31 16:53 -------- dc----w c:\program files\Fichiers communs\Adobe
2009-05-20 14:20 . 2007-08-27 11:59 -------- dc----w c:\program files\EA GAMES
2009-05-19 16:45 . 2009-01-02 19:53 11952 -c--a-w c:\windows\system32\avgrsstx.dll
2009-05-19 16:45 . 2009-01-02 19:53 325896 -c--a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 16:45 . 2009-01-02 19:53 108552 -c--a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-18 07:36 . 2007-05-28 16:37 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-05-17 14:44 . 2009-01-06 18:38 -------- dc----w c:\program files\Yahoo!
2009-05-17 13:58 . 2009-03-13 16:32 -------- dc----w c:\program files\ALFANO_VUE
2009-05-15 21:21 . 2009-05-15 21:21 108 -c--a-w c:\documents and settings\utilisateur\udpcrawl.tmp
2009-05-15 21:16 . 2009-05-15 21:16 374272 -csha-w c:\windows\system32\1D5.tmp
2009-05-15 18:11 . 2007-05-29 11:45 106672 -c--a-w c:\documents and settings\utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 18:56 . 2008-12-20 15:37 -------- dc----w c:\program files\Windows Live
2009-05-03 16:18 . 2008-12-21 15:02 -------- dc----w c:\program files\eMule
2009-04-30 17:12 . 2009-03-05 11:38 -------- dc----w c:\program files\AVS4YOU
2009-04-28 14:13 . 2006-03-02 12:00 71248 ----a-w c:\windows\system32\perfc00C.dat
2009-04-28 14:13 . 2006-03-02 12:00 458230 ----a-w c:\windows\system32\perfh00C.dat
2009-04-23 11:35 . 2009-01-01 12:54 -------- dc----w c:\program files\peer2Peer-FR2
2009-04-20 15:12 . 2009-04-20 15:12 -------- dc----w c:\program files\AIST
2009-04-03 19:47 . 2009-01-01 13:34 -------- dc----w c:\program files\Java
2009-03-29 15:42 . 2008-12-20 18:08 -------- dc----w c:\program files\Bonjour
2009-03-19 14:32 . 2006-09-19 13:44 23400 -c--a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:55 . 2009-03-18 17:55 9728 -c--a-w c:\windows\system32\Rnaph.dll
2009-03-13 16:20 . 2005-06-17 10:20 119424 -c--a-w c:\windows\system32\drivers\ser2pl.sys
2009-03-09 03:19 . 2009-01-02 09:22 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2006-03-02 12:00 286720 -c--a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-03-02 12:00 826368 -c--a-w c:\windows\system32\wininet.dll
2009-02-21 16:27 . 2007-07-30 10:01 107888 -c--a-w c:\windows\system32\CmdLineExt.dll
2009-02-20 17:10 . 2006-03-02 12:00 78336 -c--a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-09 18:09 688128 -c--a-w c:\program files\Dealio Toolbar\DealioToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A57C47A-B5EA-4658-BD7C-ACD7C83B68F9}]
2009-05-14 15:18 572928 -c--a-w c:\windows\system32\pmgthqhvzo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f}]
2009-04-23 11:36 1883672 -c--a-w c:\program files\peer2Peer-FR2\tbpee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6fc3506-df1e-46ea-1a21-760a0c4cce66}]
2009-04-29 14:09 684544 -c--a-w c:\windows\system32\nso1BC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 10:28 1453080 ----a-w c:\program files\securedie\tbsecu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 53248]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoftwareHelper"="c:\documents and settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-8 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 16:45 11952 -c--a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/01/2009 21:53 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/01/2009 21:53 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/01/2009 21:52 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 11:21 298776]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkSrv.exe [28/05/2007 18:06 24576]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [28/05/2004 10:13 16269]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [18/12/2008 18:53 21344]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [28/05/2007 22:40 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [28/05/2007 22:41 8278]
S2 ShellHWDetection_Untrusted_BZ;Détection matériel noyau_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [02/03/2006 14:00 14336]
S2 StiSvc_Untrusted_BZ;Acquisition d'image Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc [02/03/2006 14:00 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [11/07/2007 16:38 20608]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [28/05/2007 18:06 669568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-16 c:\windows\Tasks\WebReg HP Photosmart C4500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 18:42]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-cowss - c:\documents and settings\utilisateur\local settings\application data\cowss.exe
HKLM-Run-EoEngine - (no file)
Notify-944c3eee598 - c:\windows\System32\drmclien32.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cooxer.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.cooxer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {51581F91-207D-484E-9382-5030461B8309} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2265575&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2265575&SearchSource=13
FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\extensions\{0b46ab23-2b13-44a5-b3ad-f5c4bfd55028}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 09:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\JwÎÃgçè;ÿhB_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
[HKEY_LOCAL_MACHINE\software\Classes\JwÎÃgçè;ÿhB_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files\\OpenOffice.org 3\\program\\swriter.exe\" -o \"%1\""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-05-21 9:03
ComboFix-quarantined-files.txt 2009-05-21 07:03
Avant-CF: 47 683 018 752 octets libres
Après-CF: 47 677 464 576 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
403 --- E O F --- 2009-05-13 09:37
Download FindyKill to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
https://www.malekal.com/tutorial-findykill/
--> Run the installation with the default settings
--> Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
--> Double-click the FindyKill shortcut on your desktop
--> At the main menu, choose option 4
--> Post the FindyKill.txt report
Here is the report. And will this help me be able to rename files without losing them?
################################### [ FindyKill V4.729 ]
# User : utilisateur (Administrateurs) # UTILISAT-7FC5A5
# Update on 19/05/09 by Chiquitine29
# Start at: 12:16:36 | 21/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# AMD Turion(tm) 64 X2 Mobile Technology TL-52
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
# C:\ # Disque fixe local # 69,03 Go (44,42 Go free) [Kévin Oudot] # NTFS
# D:\ # Disque fixe local # 42,76 Go (33,26 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 232,88 Go (208,5 Go free) [Iomega HDD] # NTFS
################################### [ Cracks / Keygens / Serials ]
# Nothing found !
################## [ ! Fin du rapport # FindyKill V4.729 ! ]
I wanted to rename a Notepad file and it doesn't work (see my second message before this one); it shows me the message I quoted. Here is the RSIT report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2009-05-21 12:21:14
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 45 GB (64%) free of 71 GB
Total RAM: 959 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:31, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkSrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\utilisateur\Bureau\wlsetup-custom.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\Program Files\trend micro\utilisateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
R3 - URLSearchHook: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: trueads search enhancer - {0A57C47A-B5EA-4658-BD7C-ACD7C83B68F9} - C:\WINDOWS\system32\pmgthqhvzo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: trueads - {a6fc3506-df1e-46ea-1a21-760a0c4cce66} - C:\WINDOWS\system32\nso1BC.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51581F91-207D-484E-9382-5030461B8309}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rakcmdsv - RAVISENT Technologies Inc. - C:\WINDOWS\system32\drivers\cinemst2.sys
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv.exe
Here is the report:
ComboFix 09-05-20.A0 - utilisateur 21/05/2009 12:48.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.501 [GMT 2:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-21 au 2009-05-21 ))))))))))))))))))))))))))))))))))))
.
2009-05-21 10:28 . 2009-05-21 10:31 -------- dc----w c:\program files\PHPEdit
2009-05-21 10:22 . 2009-05-21 10:22 -------- dc----w c:\program files\Microsoft Silverlight
2009-05-21 10:15 . 2009-05-21 10:16 -------- dc----w C:\FindyKill
2009-05-21 06:21 . 2009-05-21 06:22 -------- dc----w C:\rsit
2009-05-21 06:16 . 2009-05-21 06:16 -------- dc----w c:\windows\LastGood
2009-05-20 21:08 . 2009-05-20 21:09 -------- dc----w c:\program files\QuickTime
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\All Users\Application Data\Games-Attack
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Dealio
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Search Settings
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\program files\Search Settings
2009-05-20 19:55 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Dealio(2)
2009-05-20 19:42 . 2009-05-20 21:08 -------- dc----w C:\ToolBar SD
2009-05-20 18:46 . 2009-05-20 21:08 -------- dc----w c:\program files\Navilog1
2009-05-20 17:29 . 2009-05-21 10:21 -------- dc----w c:\program files\trend micro
2009-05-17 14:46 . 2009-05-17 14:46 -------- dc----w c:\documents and settings\utilisateur\Application Data\InstallShield
2009-05-16 18:31 . 2009-05-20 14:20 -------- dc----w c:\documents and settings\utilisateur\Application Data\Clickteam
2009-05-15 21:18 . 2009-05-15 21:18 615 -c--a-w c:\windows\system32\10OEfMAmo5Sw86r.vbs
2009-05-15 21:17 . 2009-05-15 21:17 615 -c--a-w c:\windows\system32\pX2D2tl.vbs
2009-05-15 21:17 . 2009-05-15 21:17 615 -c--a-w c:\windows\system32\VpkUt.vbs
2009-05-15 21:16 . 2009-05-15 21:16 615 -c--a-w c:\windows\system32\av8SE.vbs
2009-05-15 20:53 . 2009-05-15 20:53 59526 -c--a-w c:\windows\system32\pmgthqhvzo.dll-uninst.exe
2009-05-15 20:53 . 2009-05-15 20:53 85660 -c--a-w c:\windows\system32\195be703-5f42-3c36-cdc4-4d8fe18c3746.exe
2009-05-15 19:46 . 2009-05-15 21:19 -------- dc----w c:\documents and settings\utilisateur\Application Data\LimeWire
2009-05-15 19:45 . 2009-05-15 19:46 -------- dc----w c:\program files\LimeWire
2009-05-15 17:53 . 2009-05-15 17:53 -------- dc----w c:\documents and settings\utilisateur\Application Data\Ulead Systems
2009-05-15 17:50 . 2007-03-27 17:56 210456 -c--a-w c:\windows\system32\IVIresizeW7.dll
2009-05-15 17:50 . 2007-03-27 17:56 194072 -c--a-w c:\windows\system32\IVIresizePX.dll
2009-05-15 17:50 . 2007-03-27 17:56 198168 -c--a-w c:\windows\system32\IVIresizeM6.dll
2009-05-15 17:50 . 2007-03-27 17:56 198168 -c--a-w c:\windows\system32\IVIresizeP6.dll
2009-05-15 17:50 . 2007-03-27 17:56 206360 -c--a-w c:\windows\system32\IVIresizeA6.dll
2009-05-15 17:50 . 2007-03-27 17:56 26136 -c--a-w c:\windows\system32\IVIresize.dll
2009-05-15 17:48 . 2009-05-15 18:01 -------- dc----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-05-15 17:39 . 2009-05-15 17:39 -------- dc----w c:\program files\Fichiers communs\InterVideo
2009-05-15 17:38 . 2009-05-15 17:38 -------- dc----w c:\program files\Windows Media Components
2009-05-15 16:49 . 2009-05-15 16:59 -------- dc----w c:\program files\SoftChris
2009-05-15 16:11 . 2009-05-15 16:11 -------- dc----w c:\documents and settings\utilisateur\Application Data\Netscape
2009-05-15 16:11 . 2009-05-15 16:11 -------- dc----w c:\program files\Photodex
2009-05-15 16:10 . 2009-05-15 16:10 -------- dc----w c:\documents and settings\utilisateur\Application Data\Photodex
2009-05-14 15:50 . 2009-05-14 15:50 -------- dc----w c:\documents and settings\utilisateur\Local Settings\Application Data\HP
2009-05-14 15:18 . 2009-05-14 15:18 572928 -c--a-w c:\windows\system32\pmgthqhvzo.dll
2009-05-07 16:34 . 2009-05-07 16:34 -------- dc----w c:\documents and settings\utilisateur\Application Data\Sony Corporation
2009-05-07 16:29 . 2009-05-07 16:29 -------- dc----w c:\windows\Logs
2009-05-07 16:23 . 2009-05-07 16:23 -------- dc----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-29 20:12 . 2009-04-29 20:12 -------- dc----w c:\documents and settings\utilisateur\Application Data\Inkscape
2009-04-29 14:09 . 2009-04-29 14:09 684544 -c--a-w c:\windows\system32\nso1BC.dll
2009-04-28 14:16 . 2009-04-28 14:30 -------- dc----w c:\program files\Pinnacle
2009-04-28 14:14 . 2009-04-28 14:14 -------- dc----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-04-28 14:13 . 2009-04-28 14:13 -------- dc----w c:\documents and settings\utilisateur\Local Settings\Application Data\Downloaded Installations
2009-04-25 17:02 . 2009-04-25 17:02 -------- dc----w c:\program files\iPod
2009-04-25 17:02 . 2009-04-25 17:03 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 17:02 . 2009-04-25 17:03 -------- dc----w c:\program files\iTunes
2009-04-25 16:32 . 2009-04-25 16:32 -------- dc-h--w c:\windows\PIF
2009-04-25 09:30 . 2009-05-20 20:35 -------- dc----w c:\documents and settings\utilisateur\Application Data\HPAppData
2009-04-25 09:29 . 2008-04-16 04:05 16496 -c--a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-25 09:29 . 2008-04-16 04:05 49920 -c--a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-25 09:29 . 2008-04-16 04:05 21568 -c--a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-25 09:28 . 2008-04-13 17:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-25 09:28 . 2008-04-13 17:45 15104 -c--a-w c:\windows\system32\drivers\usbscan.sys
2009-04-25 09:26 . 2009-04-25 09:26 -------- dc----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-25 09:24 . 2009-04-25 09:27 -------- dc----w c:\documents and settings\utilisateur\Application Data\HP
2009-04-25 09:15 . 2008-06-06 18:49 118272 -c--a-w c:\windows\system32\hpz3l692.dll
2009-04-25 09:15 . 2008-04-16 04:05 271704 -c--a-r c:\windows\system32\hpzids01.dll
2009-04-25 09:14 . 2008-04-16 04:05 309760 -c--a-r c:\windows\system32\difxapi.dll
2009-04-25 09:14 . 2008-04-16 04:05 372736 -c--a-r c:\windows\system32\hppldcoi.dll
2009-04-25 09:14 . 2008-02-28 10:08 303104 -c--a-r c:\windows\system32\hposc_p01a.dll
2009-04-25 09:14 . 2008-04-16 04:05 974848 -c--a-r c:\windows\system32\hpost_p01a.dll
2009-04-25 09:14 . 2008-04-16 04:05 729088 -c--a-r c:\windows\system32\hposwia_p01a.dll
2009-04-25 09:14 . 2001-08-23 15:20 6912 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-04-25 09:14 . 2001-08-23 15:20 6912 -c--a-w c:\windows\system32\drivers\serscan.sys
2009-04-25 09:01 . 2009-04-25 09:03 -------- dc----w c:\documents and settings\All Users\Application Data\HP
2009-04-25 09:01 . 2009-04-25 09:01 -------- dc----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-25 09:01 . 2009-04-25 09:01 -------- dc----w c:\program files\Hewlett-Packard
2009-04-25 09:00 . 2009-04-25 09:00 -------- dc----w c:\program files\Fichiers communs\HP
2009-04-25 08:55 . 2009-04-25 09:39 188511 -c--a-w c:\windows\hpoins30.dat
2009-04-25 08:55 . 2008-06-18 06:22 844 -c----w c:\windows\hpomdl30.dat
2009-04-25 08:35 . 2009-04-25 08:35 -------- dc----w c:\program files\Fichiers communs\Hewlett-Packard
2009-04-25 08:33 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-25 08:33 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\drivers\usbprint.sys
2009-04-25 08:31 . 2009-04-26 19:48 -------- dc----w c:\program files\HP
2009-04-24 17:40 . 2009-04-24 17:40 -------- dc----w c:\program files\IVCsoft
2009-04-24 17:31 . 2009-04-24 17:31 -------- dc----w c:\program files\FLV Player
2009-04-23 13:04 . 2008-04-14 02:33 221184 -c--a-w c:\windows\system32\wmpns.dll
2009-04-23 12:14 . 2009-04-23 12:15 -------- dc----w c:\documents and settings\utilisateur\dwhelper
2009-04-23 11:23 . 2009-04-23 11:23 -------- dc----w c:\program files\Dealio Toolbar
2009-04-23 11:23 . 2005-02-24 10:51 348160 -c--a-w c:\windows\system32\WMAFile.dll
2009-04-23 11:23 . 2005-02-24 11:11 1212416 -c--a-w c:\windows\system32\AudioInfos.dll
2009-04-23 11:23 . 2005-03-11 16:37 1986560 -c--a-w c:\windows\system32\AudFile.dll
2009-04-23 11:23 . 1998-07-12 20:00 15360 -c--a-w c:\windows\system32\inetfr.DLL
2009-04-23 11:23 . 2003-01-26 10:41 40960 -c--a-w c:\windows\system32\SSubTmr6.dll
2009-04-23 11:23 . 1999-03-25 16:00 101888 -c--a-w c:\windows\system32\VB6STKIT.DLL
2009-04-23 11:23 . 1998-07-12 20:00 141312 -c--a-w c:\windows\system32\MSCMCFR.DLL
2009-04-23 11:22 . 1998-07-12 16:00 32768 -c--a-w c:\windows\system32\CMDLGFR.DLL
2009-04-23 11:22 . 2003-04-18 13:29 44544 -c--a-w c:\windows\system32\msxml4a.dll
2009-04-23 11:22 . 2009-05-04 16:26 -------- dc----w c:\program files\Free Easy Burner
2009-04-23 11:03 . 2009-04-23 11:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\DeepBurner
2009-04-23 11:02 . 2009-05-04 16:27 -------- dc----w c:\program files\Astonsoft
2009-04-23 07:08 . 2009-04-23 07:11 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 14:25 . 2007-05-31 12:27 -------- dc----w c:\program files\Google
2009-05-20 14:25 . 2009-03-18 20:58 -------- dc----w c:\program files\Buzoot
2009-05-20 14:23 . 2008-02-07 18:25 -------- dc----w c:\program files\Fichiers communs\Apple
2009-05-20 14:22 . 2007-05-31 16:53 -------- dc----w c:\program files\Fichiers communs\Adobe
2009-05-20 14:20 . 2007-08-27 11:59 -------- dc----w c:\program files\EA GAMES
2009-05-19 16:45 . 2009-01-02 19:53 11952 -c--a-w c:\windows\system32\avgrsstx.dll
2009-05-19 16:45 . 2009-01-02 19:53 325896 -c--a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 16:45 . 2009-01-02 19:53 108552 -c--a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-18 07:36 . 2007-05-28 16:37 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-05-17 14:44 . 2009-01-06 18:38 -------- dc----w c:\program files\Yahoo!
2009-05-17 13:58 . 2009-03-13 16:32 -------- dc----w c:\program files\ALFANO_VUE
2009-05-15 21:21 . 2009-05-15 21:21 108 -c--a-w c:\documents and settings\utilisateur\udpcrawl.tmp
2009-05-15 21:16 . 2009-05-15 21:16 374272 -csha-w c:\windows\system32\1D5.tmp
2009-05-15 18:11 . 2007-05-29 11:45 106672 -c--a-w c:\documents and settings\utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 18:56 . 2008-12-20 15:37 -------- dc----w c:\program files\Windows Live
2009-05-03 16:18 . 2008-12-21 15:02 -------- dc----w c:\program files\eMule
2009-04-30 17:12 . 2009-03-05 11:38 -------- dc----w c:\program files\AVS4YOU
2009-04-28 14:13 . 2006-03-02 12:00 71248 ----a-w c:\windows\system32\perfc00C.dat
2009-04-28 14:13 . 2006-03-02 12:00 458230 ----a-w c:\windows\system32\perfh00C.dat
2009-04-23 11:35 . 2009-01-01 12:54 -------- dc----w c:\program files\peer2Peer-FR2
2009-04-20 15:12 . 2009-04-20 15:12 -------- dc----w c:\program files\AIST
2009-04-03 19:47 . 2009-01-01 13:34 -------- dc----w c:\program files\Java
2009-03-29 15:42 . 2008-12-20 18:08 -------- dc----w c:\program files\Bonjour
2009-03-19 14:32 . 2006-09-19 13:44 23400 -c--a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:55 . 2009-03-18 17:55 9728 -c--a-w c:\windows\system32\Rnaph.dll
2009-03-13 16:20 . 2005-06-17 10:20 119424 -c--a-w c:\windows\system32\drivers\ser2pl.sys
2009-03-09 03:19 . 2009-01-02 09:22 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2006-03-02 12:00 286720 -c--a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-03-02 12:00 826368 -c--a-w c:\windows\system32\wininet.dll
2009-02-21 16:27 . 2007-07-30 10:01 107888 -c--a-w c:\windows\system32\CmdLineExt.dll
2009-02-20 17:10 . 2006-03-02 12:00 78336 -c--a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-09 18:09 688128 -c--a-w c:\program files\Dealio Toolbar\DealioToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A57C47A-B5EA-4658-BD7C-ACD7C83B68F9}]
2009-05-14 15:18 572928 -c--a-w c:\windows\system32\pmgthqhvzo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f}]
2009-04-23 11:36 1883672 -c--a-w c:\program files\peer2Peer-FR2\tbpee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6fc3506-df1e-46ea-1a21-760a0c4cce66}]
2009-04-29 14:09 684544 -c--a-w c:\windows\system32\nso1BC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 10:28 1453080 ----a-w c:\program files\securedie\tbsecu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 53248]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoftwareHelper"="c:\documents and settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-8 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 16:45 11952 -c--a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PHPEdit\\DBG\\DbgListener.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/01/2009 21:53 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/01/2009 21:53 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/01/2009 21:52 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 11:21 298776]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkSrv.exe [28/05/2007 18:06 24576]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [28/05/2004 10:13 16269]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [18/12/2008 18:53 21344]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [28/05/2007 22:40 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [28/05/2007 22:41 8278]
S2 ShellHWDetection_Untrusted_BZ;Détection matériel noyau_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [02/03/2006 14:00 14336]
S2 StiSvc_Untrusted_BZ;Acquisition d'image Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc [02/03/2006 14:00 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [11/07/2007 16:38 20608]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [28/05/2007 18:06 669568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-16 c:\windows\Tasks\WebReg HP Photosmart C4500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 18:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cooxer.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.cooxer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {51581F91-207D-484E-9382-5030461B8309} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2265575&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2265575&SearchSource=13
FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\extensions\{0b46ab23-2b13-44a5-b3ad-f5c4bfd55028}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 12:50
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\JwÎÃgçè;ÿhB_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
[HKEY_LOCAL_MACHINE\software\Classes\JwÎÃgçè;ÿhB_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files\\OpenOffice.org 3\\program\\swriter.exe\" -o \"%1\""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-05-21 12:52
ComboFix-quarantined-files.txt 2009-05-21 10:52
ComboFix2.txt 2009-05-21 07:03
Avant-CF: 47 593 414 656 octets libres
Après-CF: 47 577 681 920 octets libres
360 --- E O F --- 2009-05-13 09:37
ComboFix 09-05-20.A0 - utilisateur 21/05/2009 12:48.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.501 [GMT 2:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-21 au 2009-05-21 ))))))))))))))))))))))))))))))))))))
.
2009-05-21 10:28 . 2009-05-21 10:31 -------- dc----w c:\program files\PHPEdit
2009-05-21 10:22 . 2009-05-21 10:22 -------- dc----w c:\program files\Microsoft Silverlight
2009-05-21 10:15 . 2009-05-21 10:16 -------- dc----w C:\FindyKill
2009-05-21 06:21 . 2009-05-21 06:22 -------- dc----w C:\rsit
2009-05-21 06:16 . 2009-05-21 06:16 -------- dc----w c:\windows\LastGood
2009-05-20 21:08 . 2009-05-20 21:09 -------- dc----w c:\program files\QuickTime
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\All Users\Application Data\Games-Attack
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Dealio
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Search Settings
2009-05-20 21:08 . 2009-05-20 21:08 -------- dc----w c:\program files\Search Settings
2009-05-20 19:55 . 2009-05-20 21:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\Dealio(2)
2009-05-20 19:42 . 2009-05-20 21:08 -------- dc----w C:\ToolBar SD
2009-05-20 18:46 . 2009-05-20 21:08 -------- dc----w c:\program files\Navilog1
2009-05-20 17:29 . 2009-05-21 10:21 -------- dc----w c:\program files\trend micro
2009-05-17 14:46 . 2009-05-17 14:46 -------- dc----w c:\documents and settings\utilisateur\Application Data\InstallShield
2009-05-16 18:31 . 2009-05-20 14:20 -------- dc----w c:\documents and settings\utilisateur\Application Data\Clickteam
2009-05-15 21:18 . 2009-05-15 21:18 615 -c--a-w c:\windows\system32\10OEfMAmo5Sw86r.vbs
2009-05-15 21:17 . 2009-05-15 21:17 615 -c--a-w c:\windows\system32\pX2D2tl.vbs
2009-05-15 21:17 . 2009-05-15 21:17 615 -c--a-w c:\windows\system32\VpkUt.vbs
2009-05-15 21:16 . 2009-05-15 21:16 615 -c--a-w c:\windows\system32\av8SE.vbs
2009-05-15 20:53 . 2009-05-15 20:53 59526 -c--a-w c:\windows\system32\pmgthqhvzo.dll-uninst.exe
2009-05-15 20:53 . 2009-05-15 20:53 85660 -c--a-w c:\windows\system32\195be703-5f42-3c36-cdc4-4d8fe18c3746.exe
2009-05-15 19:46 . 2009-05-15 21:19 -------- dc----w c:\documents and settings\utilisateur\Application Data\LimeWire
2009-05-15 19:45 . 2009-05-15 19:46 -------- dc----w c:\program files\LimeWire
2009-05-15 17:53 . 2009-05-15 17:53 -------- dc----w c:\documents and settings\utilisateur\Application Data\Ulead Systems
2009-05-15 17:50 . 2007-03-27 17:56 210456 -c--a-w c:\windows\system32\IVIresizeW7.dll
2009-05-15 17:50 . 2007-03-27 17:56 194072 -c--a-w c:\windows\system32\IVIresizePX.dll
2009-05-15 17:50 . 2007-03-27 17:56 198168 -c--a-w c:\windows\system32\IVIresizeM6.dll
2009-05-15 17:50 . 2007-03-27 17:56 198168 -c--a-w c:\windows\system32\IVIresizeP6.dll
2009-05-15 17:50 . 2007-03-27 17:56 206360 -c--a-w c:\windows\system32\IVIresizeA6.dll
2009-05-15 17:50 . 2007-03-27 17:56 26136 -c--a-w c:\windows\system32\IVIresize.dll
2009-05-15 17:48 . 2009-05-15 18:01 -------- dc----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-05-15 17:39 . 2009-05-15 17:39 -------- dc----w c:\program files\Fichiers communs\InterVideo
2009-05-15 17:38 . 2009-05-15 17:38 -------- dc----w c:\program files\Windows Media Components
2009-05-15 16:49 . 2009-05-15 16:59 -------- dc----w c:\program files\SoftChris
2009-05-15 16:11 . 2009-05-15 16:11 -------- dc----w c:\documents and settings\utilisateur\Application Data\Netscape
2009-05-15 16:11 . 2009-05-15 16:11 -------- dc----w c:\program files\Photodex
2009-05-15 16:10 . 2009-05-15 16:10 -------- dc----w c:\documents and settings\utilisateur\Application Data\Photodex
2009-05-14 15:50 . 2009-05-14 15:50 -------- dc----w c:\documents and settings\utilisateur\Local Settings\Application Data\HP
2009-05-14 15:18 . 2009-05-14 15:18 572928 -c--a-w c:\windows\system32\pmgthqhvzo.dll
2009-05-07 16:34 . 2009-05-07 16:34 -------- dc----w c:\documents and settings\utilisateur\Application Data\Sony Corporation
2009-05-07 16:29 . 2009-05-07 16:29 -------- dc----w c:\windows\Logs
2009-05-07 16:23 . 2009-05-07 16:23 -------- dc----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-29 20:12 . 2009-04-29 20:12 -------- dc----w c:\documents and settings\utilisateur\Application Data\Inkscape
2009-04-29 14:09 . 2009-04-29 14:09 684544 -c--a-w c:\windows\system32\nso1BC.dll
2009-04-28 14:16 . 2009-04-28 14:30 -------- dc----w c:\program files\Pinnacle
2009-04-28 14:14 . 2009-04-28 14:14 -------- dc----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-04-28 14:13 . 2009-04-28 14:13 -------- dc----w c:\documents and settings\utilisateur\Local Settings\Application Data\Downloaded Installations
2009-04-25 17:02 . 2009-04-25 17:02 -------- dc----w c:\program files\iPod
2009-04-25 17:02 . 2009-04-25 17:03 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 17:02 . 2009-04-25 17:03 -------- dc----w c:\program files\iTunes
2009-04-25 16:32 . 2009-04-25 16:32 -------- dc-h--w c:\windows\PIF
2009-04-25 09:30 . 2009-05-20 20:35 -------- dc----w c:\documents and settings\utilisateur\Application Data\HPAppData
2009-04-25 09:29 . 2008-04-16 04:05 16496 -c--a-r c:\windows\system32\drivers\HPZipr12.sys
2009-04-25 09:29 . 2008-04-16 04:05 49920 -c--a-r c:\windows\system32\drivers\HPZid412.sys
2009-04-25 09:29 . 2008-04-16 04:05 21568 -c--a-r c:\windows\system32\drivers\HPZius12.sys
2009-04-25 09:28 . 2008-04-13 17:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-25 09:28 . 2008-04-13 17:45 15104 -c--a-w c:\windows\system32\drivers\usbscan.sys
2009-04-25 09:26 . 2009-04-25 09:26 -------- dc----w c:\documents and settings\All Users\Application Data\WEBREG
2009-04-25 09:24 . 2009-04-25 09:27 -------- dc----w c:\documents and settings\utilisateur\Application Data\HP
2009-04-25 09:15 . 2008-06-06 18:49 118272 -c--a-w c:\windows\system32\hpz3l692.dll
2009-04-25 09:15 . 2008-04-16 04:05 271704 -c--a-r c:\windows\system32\hpzids01.dll
2009-04-25 09:14 . 2008-04-16 04:05 309760 -c--a-r c:\windows\system32\difxapi.dll
2009-04-25 09:14 . 2008-04-16 04:05 372736 -c--a-r c:\windows\system32\hppldcoi.dll
2009-04-25 09:14 . 2008-02-28 10:08 303104 -c--a-r c:\windows\system32\hposc_p01a.dll
2009-04-25 09:14 . 2008-04-16 04:05 974848 -c--a-r c:\windows\system32\hpost_p01a.dll
2009-04-25 09:14 . 2008-04-16 04:05 729088 -c--a-r c:\windows\system32\hposwia_p01a.dll
2009-04-25 09:14 . 2001-08-23 15:20 6912 -c--a-w c:\windows\system32\dllcache\serscan.sys
2009-04-25 09:14 . 2001-08-23 15:20 6912 -c--a-w c:\windows\system32\drivers\serscan.sys
2009-04-25 09:01 . 2009-04-25 09:03 -------- dc----w c:\documents and settings\All Users\Application Data\HP
2009-04-25 09:01 . 2009-04-25 09:01 -------- dc----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-25 09:01 . 2009-04-25 09:01 -------- dc----w c:\program files\Hewlett-Packard
2009-04-25 09:00 . 2009-04-25 09:00 -------- dc----w c:\program files\Fichiers communs\HP
2009-04-25 08:55 . 2009-04-25 09:39 188511 -c--a-w c:\windows\hpoins30.dat
2009-04-25 08:55 . 2008-06-18 06:22 844 -c----w c:\windows\hpomdl30.dat
2009-04-25 08:35 . 2009-04-25 08:35 -------- dc----w c:\program files\Fichiers communs\Hewlett-Packard
2009-04-25 08:33 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\dllcache\usbprint.sys
2009-04-25 08:33 . 2008-04-13 17:47 25856 -c--a-w c:\windows\system32\drivers\usbprint.sys
2009-04-25 08:31 . 2009-04-26 19:48 -------- dc----w c:\program files\HP
2009-04-24 17:40 . 2009-04-24 17:40 -------- dc----w c:\program files\IVCsoft
2009-04-24 17:31 . 2009-04-24 17:31 -------- dc----w c:\program files\FLV Player
2009-04-23 13:04 . 2008-04-14 02:33 221184 -c--a-w c:\windows\system32\wmpns.dll
2009-04-23 12:14 . 2009-04-23 12:15 -------- dc----w c:\documents and settings\utilisateur\dwhelper
2009-04-23 11:23 . 2009-04-23 11:23 -------- dc----w c:\program files\Dealio Toolbar
2009-04-23 11:23 . 2005-02-24 10:51 348160 -c--a-w c:\windows\system32\WMAFile.dll
2009-04-23 11:23 . 2005-02-24 11:11 1212416 -c--a-w c:\windows\system32\AudioInfos.dll
2009-04-23 11:23 . 2005-03-11 16:37 1986560 -c--a-w c:\windows\system32\AudFile.dll
2009-04-23 11:23 . 1998-07-12 20:00 15360 -c--a-w c:\windows\system32\inetfr.DLL
2009-04-23 11:23 . 2003-01-26 10:41 40960 -c--a-w c:\windows\system32\SSubTmr6.dll
2009-04-23 11:23 . 1999-03-25 16:00 101888 -c--a-w c:\windows\system32\VB6STKIT.DLL
2009-04-23 11:23 . 1998-07-12 20:00 141312 -c--a-w c:\windows\system32\MSCMCFR.DLL
2009-04-23 11:22 . 1998-07-12 16:00 32768 -c--a-w c:\windows\system32\CMDLGFR.DLL
2009-04-23 11:22 . 2003-04-18 13:29 44544 -c--a-w c:\windows\system32\msxml4a.dll
2009-04-23 11:22 . 2009-05-04 16:26 -------- dc----w c:\program files\Free Easy Burner
2009-04-23 11:03 . 2009-04-23 11:08 -------- dc----w c:\documents and settings\utilisateur\Application Data\DeepBurner
2009-04-23 11:02 . 2009-05-04 16:27 -------- dc----w c:\program files\Astonsoft
2009-04-23 07:08 . 2009-04-23 07:11 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 14:25 . 2007-05-31 12:27 -------- dc----w c:\program files\Google
2009-05-20 14:25 . 2009-03-18 20:58 -------- dc----w c:\program files\Buzoot
2009-05-20 14:23 . 2008-02-07 18:25 -------- dc----w c:\program files\Fichiers communs\Apple
2009-05-20 14:22 . 2007-05-31 16:53 -------- dc----w c:\program files\Fichiers communs\Adobe
2009-05-20 14:20 . 2007-08-27 11:59 -------- dc----w c:\program files\EA GAMES
2009-05-19 16:45 . 2009-01-02 19:53 11952 -c--a-w c:\windows\system32\avgrsstx.dll
2009-05-19 16:45 . 2009-01-02 19:53 325896 -c--a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-19 16:45 . 2009-01-02 19:53 108552 -c--a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-18 07:36 . 2007-05-28 16:37 -------- dc-h--w c:\program files\InstallShield Installation Information
2009-05-17 14:44 . 2009-01-06 18:38 -------- dc----w c:\program files\Yahoo!
2009-05-17 13:58 . 2009-03-13 16:32 -------- dc----w c:\program files\ALFANO_VUE
2009-05-15 21:21 . 2009-05-15 21:21 108 -c--a-w c:\documents and settings\utilisateur\udpcrawl.tmp
2009-05-15 21:16 . 2009-05-15 21:16 374272 -csha-w c:\windows\system32\1D5.tmp
2009-05-15 18:11 . 2007-05-29 11:45 106672 -c--a-w c:\documents and settings\utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 18:56 . 2008-12-20 15:37 -------- dc----w c:\program files\Windows Live
2009-05-03 16:18 . 2008-12-21 15:02 -------- dc----w c:\program files\eMule
2009-04-30 17:12 . 2009-03-05 11:38 -------- dc----w c:\program files\AVS4YOU
2009-04-28 14:13 . 2006-03-02 12:00 71248 ----a-w c:\windows\system32\perfc00C.dat
2009-04-28 14:13 . 2006-03-02 12:00 458230 ----a-w c:\windows\system32\perfh00C.dat
2009-04-23 11:35 . 2009-01-01 12:54 -------- dc----w c:\program files\peer2Peer-FR2
2009-04-20 15:12 . 2009-04-20 15:12 -------- dc----w c:\program files\AIST
2009-04-03 19:47 . 2009-01-01 13:34 -------- dc----w c:\program files\Java
2009-03-29 15:42 . 2008-12-20 18:08 -------- dc----w c:\program files\Bonjour
2009-03-19 14:32 . 2006-09-19 13:44 23400 -c--a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 17:55 . 2009-03-18 17:55 9728 -c--a-w c:\windows\system32\Rnaph.dll
2009-03-13 16:20 . 2005-06-17 10:20 119424 -c--a-w c:\windows\system32\drivers\ser2pl.sys
2009-03-09 03:19 . 2009-01-02 09:22 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2006-03-02 12:00 286720 -c--a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-03-02 12:00 826368 -c--a-w c:\windows\system32\wininet.dll
2009-02-21 16:27 . 2007-07-30 10:01 107888 -c--a-w c:\windows\system32\CmdLineExt.dll
2009-02-20 17:10 . 2006-03-02 12:00 78336 -c--a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-09 18:09 688128 -c--a-w c:\program files\Dealio Toolbar\DealioToolbarIE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A57C47A-B5EA-4658-BD7C-ACD7C83B68F9}]
2009-05-14 15:18 572928 -c--a-w c:\windows\system32\pmgthqhvzo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f23e207-7e05-4ee2-a90e-50cf3ae9b03f}]
2009-04-23 11:36 1883672 -c--a-w c:\program files\peer2Peer-FR2\tbpee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6fc3506-df1e-46ea-1a21-760a0c4cce66}]
2009-04-29 14:09 684544 -c--a-w c:\windows\system32\nso1BC.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 10:28 1453080 ----a-w c:\program files\securedie\tbsecu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 53248]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoftwareHelper"="c:\documents and settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-19 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-13 16239616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-8 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 16:45 11952 -c--a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\PHPEdit\\DBG\\DbgListener.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/01/2009 21:53 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/01/2009 21:53 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/01/2009 21:52 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/02/2009 11:21 298776]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkSrv.exe [28/05/2007 18:06 24576]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [28/05/2004 10:13 16269]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [18/12/2008 18:53 21344]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [28/05/2007 22:40 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [28/05/2007 22:41 8278]
S2 ShellHWDetection_Untrusted_BZ;Détection matériel noyau_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\System32\svchost.exe -k netsvcs [02/03/2006 14:00 14336]
S2 StiSvc_Untrusted_BZ;Acquisition d'image Windows (WIA)_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k imgsvc [02/03/2006 14:00 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [11/07/2007 16:38 20608]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [28/05/2007 18:06 669568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-16 c:\windows\Tasks\WebReg HP Photosmart C4500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-03-25 18:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cooxer.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.cooxer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {51581F91-207D-484E-9382-5030461B8309} = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2265575&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2265575&SearchSource=13
FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\extensions\{0b46ab23-2b13-44a5-b3ad-f5c4bfd55028}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 12:50
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\JwÎÃgçè;ÿhB_*a*u*t*o*_*f*i*l*e*\shell]
@="open"
[HKEY_LOCAL_MACHINE\software\Classes\JwÎÃgçè;ÿhB_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\Program Files\\OpenOffice.org 3\\program\\swriter.exe\" -o \"%1\""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-05-21 12:52
ComboFix-quarantined-files.txt 2009-05-21 10:52
ComboFix2.txt 2009-05-21 07:03
Avant-CF: 47 593 414 656 octets libres
Après-CF: 47 577 681 920 octets libres
360 --- E O F --- 2009-05-13 09:37
RSIT report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2009-05-21 12:58:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 45 GB (64%) free of 71 GB
Total RAM: 959 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:01, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkSrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\PHPEdit\DBG\DBGLIS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Installer\wlarp.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\Program Files\trend micro\utilisateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
R3 - URLSearchHook: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: trueads search enhancer - {0A57C47A-B5EA-4658-BD7C-ACD7C83B68F9} - C:\WINDOWS\system32\pmgthqhvzo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: trueads - {a6fc3506-df1e-46ea-1a21-760a0c4cce66} - C:\WINDOWS\system32\nso1BC.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51581F91-207D-484E-9382-5030461B8309}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rakcmdsv - RAVISENT Technologies Inc. - C:\WINDOWS\system32\drivers\cinemst2.sys
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rakcmdsv - RAVISENT Technologies Inc. - C:\WINDOWS\system32\drivers\cinemst2.sys
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv.exe
What do you do on your PC?
The same infections come back after every fix run ;(( especially with Combo
Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
c:\documents and settings\utilisateur\application data\eorezo\softwareupdate\softwareupdatehp.exe
c:\program files\search settings\searchsettings.exe
c:\windows\system32\shdocvw.dll
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftwareHelper"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
:commands
[emptytemp]
[start explorer]
---> Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
I go on the internet and work on my website (uploading photos)
I'll take care of that later, duty calls me elsewhere
Here is the report (it made me restart):
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\documents and settings\utilisateur\application data\eorezo\softwareupdate\SoftwareUpdateHP.exe moved successfully.
c:\program files\search settings\SearchSettings.exe moved successfully.
c:\windows\system32\shdocvw.dll unregistered successfully.
c:\windows\system32\shdocvw.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\etilqs_lAwQPfKWgSged6fNf7dv scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\HPSLPS012.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05212009_160151
Files moved on Reboot...
File C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\etilqs_lAwQPfKWgSged6fNf7dv not found!
C:\WINDOWS\temp\HPSLPS012.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_1a0.dat not found!
C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\5j2sn4je.default\XUL.mfl moved successfully.
Here is the report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by utilisateur at 2009-05-21 17:52:05
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 45 GB (64%) free of 71 GB
Total RAM: 959 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:18, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\Program Files\trend micro\utilisateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
R3 - URLSearchHook: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: trueads search enhancer - {0A57C47A-B5EA-4658-BD7C-ACD7C83B68F9} - C:\WINDOWS\system32\pmgthqhvzo.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: trueads - {a6fc3506-df1e-46ea-1a21-760a0c4cce66} - C:\WINDOWS\system32\nso1BC.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: peer2Peer-FR2 Toolbar - {9f23e207-7e05-4ee2-a90e-50cf3ae9b03f} - C:\Program Files\peer2Peer-FR2\tbpee1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51581F91-207D-484E-9382-5030461B8309}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rakcmdsv - RAVISENT Technologies Inc. - C:\WINDOWS\system32\drivers\cinemst2.sys
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv.exe
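A cross-check of the OTMoveIt3 fix against the two logs posted after it, as an added example (not code from the thread, OTMoveIt3 or HijackThis): it parses the `:reg` section of the script, lists OTMoveIt3 steps that did not report success, and reports script targets that the follow-up HijackThis log still lists. The embedded samples are short excerpts of the thread's own script and logs; the function names are hypothetical.

```python
import re

# Excerpts copied from the thread above (trimmed to the relevant lines).
SCRIPT = r'''
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoftwareHelper"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
:commands
'''

OTM_LOG = r'''
========== FILES ==========
c:\program files\search settings\SearchSettings.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\\ deleted successfully.
========== COMMANDS ==========
'''

HJT_AFTER = r'''
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
'''


def parse_reg_targets(script):
    """Return (values, deleted_keys) requested by the script's :reg section."""
    values, deleted_keys, key, in_reg = [], [], None, False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):               # section marker such as :files, :reg
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg or not line:
            continue
        if line.startswith("[-"):              # [-KEY] asks for the whole key to go
            deleted_keys.append(line[2:-1])
            key = None
        elif line.startswith("["):             # [KEY] sets the key for the values below
            key = line[1:-1]
        else:
            m = re.fullmatch(r'"([^"]+)"=-', line)   # "Name"=- asks for one value to go
            if m and key:
                values.append((key, m.group(1)))
    return values, deleted_keys


def failed_steps(otm_log):
    """Lines in the FILES and REGISTRY sections that do not report success."""
    failed, section = [], None
    for line in otm_log.splitlines():
        line = line.strip()
        m = re.fullmatch(r"=+ (\w+) =+", line)
        if m:
            section = m.group(1)
        elif line and section in ("FILES", "REGISTRY") \
                and not line.endswith("successfully."):
            failed.append(line)
    return failed


def still_present(script, hjt_log):
    """Script targets that the follow-up HijackThis log still lists."""
    values, keys = parse_reg_targets(script)
    # O4 lines carry the HKLM Run value name in square brackets.
    run_names = set(re.findall(r"^O4 - HKLM\\\.\.\\Run: \[([^\]]+)\]", hjt_log, re.M))
    # O9 lines carry the IE extension CLSID in braces.
    clsids = {c.lower() for c in
              re.findall(r"^O9 - .*?(\{[0-9A-Fa-f-]{36}\})", hjt_log, re.M)}
    left = [name for key, name in values
            if key.lower().endswith(r"\currentversion\run") and name in run_names]
    left += [k for k in keys if k.rsplit("\\", 1)[-1].lower() in clsids]
    return left


if __name__ == "__main__":
    for line in failed_steps(OTM_LOG):
        print("not confirmed:", line)
    for item in still_present(SCRIPT, HJT_AFTER):
        print("still listed after the fix:", item)
```

On these excerpts it reports the `SoftwareHelper` Run value, the one registry step the OTMoveIt3 log answered with `not found`.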
O17 - HKLM\System\CCS\Services\Tcpip\..\{51581F91-207D-484E-9382-5030461B8309}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rakcmdsv - RAVISENT Technologies Inc. - C:\WINDOWS\system32\drivers\cinemst2.sys
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\utilisateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
You must be doing 36,000 things at the same time
Do you use EoReZo?
It still shows up .....
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
Dealio ► do you know it?