Message lié virus
bigdarkmort
Messages postés
48
Statut
Membre
-
bigdarkmort Messages postés 48 Statut Membre -
bigdarkmort Messages postés 48 Statut Membre -
Bonjour j'ai grand besoin de votre aide . Je vais essayer d'être le plus clair possible .
Apres le chargement de windows et juste avant l'écran de bienvenue j'ai un message en un langue étrangère que je ne comprend pas je peut cliquer seulement "OK" ; et le message diffère à chaque demarrage je crois que c'est dut à un virus qui à dut faire des opération dans ma base de registre . J'ai fait un scan avec Spybot S&D et il a détecté des virus je les ais supprimer mais le message persite au démarage ! MerCi d'avance ! Je compte sur ce Forum car je suis nouveau je viens de m'inscrire ! :)
Apres le chargement de windows et juste avant l'écran de bienvenue j'ai un message en un langue étrangère que je ne comprend pas je peut cliquer seulement "OK" ; et le message diffère à chaque demarrage je crois que c'est dut à un virus qui à dut faire des opération dans ma base de registre . J'ai fait un scan avec Spybot S&D et il a détecté des virus je les ais supprimer mais le message persite au démarage ! MerCi d'avance ! Je compte sur ce Forum car je suis nouveau je viens de m'inscrire ! :)
A voir également:
- Message lié virus
- Recuperer message whatsapp supprimé - Guide
- Message absence thunderbird - Guide
- Virus mcafee - Accueil - Piratage
- Epingler un message whatsapp - Accueil - Messagerie instantanée
- Message supprimé whatsapp - Guide
44 réponses
C'est à dire que j'ai toujours un message au demarrage ! Juste entre l'ecran de chargement Windows Xp et l'écran des sessions !
Jespere vraiment qu'on réussisse à l'enlever .
Merci
A+
Jespere vraiment qu'on réussisse à l'enlever .
Merci
A+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re,
J'ai essayer de trouver des infos sur mon probleme mais je ne trouve pas quelque chose de très clair .
Ce message s'affiche apres le chargement de windows mais avant l'écran de sessions !
Ce message je ne pense qui soit du genre Publicité mais personnelement je pense que soit il est du à un probleme dans le system ou dût à un virus qui à fait n'importe quoi ! Ce message est dans une langue totalement imcompréemsible ! Mais à force de chercher dans le registre avec Tune Up Registry editor j'ai trouver quelque chose d'interressant , j'ai trouver cette clé :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
Dedans il y a :
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,\
00,00,00,7a,68,71,4d,d6,bc,fb,42,81,51,47,58,1d,15,68,be,04,00,\
00,00,04,00,00,00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,\
00,30,aa,ac,ed,c7,e6,b3,02,bf,59,53,46,7d,80,93,19,00,00,00,00,\
04,80,00,00,a0,00,00,00,10,00,00,00,dc,e8,dc,1d,ba,10,80,44,19,\
3f,db,91,79,d9,e7,f0,b0,01,00,00,df,fd,79,32,83,84,4a,c3,c6,66,\
f1,6b,a1,81,f5,a1,da,b4,a0,14,a9,66,ac,0e,e0,4d,53,c8,c4,f2,37,\
5b,d1,f0,48,ac,8e,c6,6e,fd,14,cf,ae,3b,a0,b0,ac,c2,27,12,d1,fc,\
5f,6a,5c,b3,20,55,53,7d,c2,21,15,7f,ad,8f,12,b0,a2,8a,72,9f,2c,\
f8,c9,9a,f4,18,bf,8e,31,35,bf,fb,e0,35,58,6e,70,8b,00,05,3b,37,\
9b,38,66,ab,bb,df,40,e9,d8,80,2f,7c,50,fc,b1,b6,72,20,e4,97,aa,\
7d,62,7c,18,d7,3d,0b,00,80,b2,f1,a7,24,66,0f,5d,2f,3a,dc,ba,83,\
24,5d,1e,2b,b4,aa,ed,21,9d,85,41,43,e8,8b,d8,4a,fb,cb,7d,35,5b,\
e8,26,bc,c5,93,65,40,70,c0,39,6f,d2,b6,4e,a1,a9,96,4d,2e,c3,e4,\
4a,93,21,28,aa,32,90,4c,db,72,df,1c,fb,2b,20,d7,6c,86,bd,89,53,\
f0,e2,7a,2c,7a,c9,46,0b,ec,25,f3,bd,3a,aa,56,3c,5e,13,df,cb,df,\
1d,b9,7d,c6,e3,9c,9e,84,3f,a4,a5,ea,a1,3b,82,20,b4,cd,4a,26,1a,\
2e,ec,7d,81,e6,73,1d,a0,eb,21,dd,4c,e6,95,e9,df,93,06,99,e4,a0,\
51,fe,05,1a,91,ff,60,0e,c4,5e,9d,61,c6,df,c7,1e,7e,09,47,10,fe,\
5c,82,96,c6,24,b9,f2,74,4c,b5,ca,c2,d0,e5,81,20,98,12,34,c3,56,\
e2,68,6d,39,3f,b2,9e,18,4e,3b,87,a5,f1,63,b7,75,4f,91,fe,71,e5,\
6b,52,10,75,b2,da,fd,35,c5,5f,48,0b,3c,fb,79,37,21,b9,a9,e1,35,\
ec,b3,ad,4f,67,66,d8,2c,40,94,0d,9e,8c,b2,71,7d,00,cc,75,6b,f4,\
d3,91,8f,85,90,7a,84,f9,43,53,5a,19,84,41,d4,cd,76,ab,ce,3e,3c,\
29,4a,57,39,52,e1,f7,3a,93,84,e3,bf,90,cc,95,b4,60,68,7d,52,73,\
42,de,9c,82,4d,db,15,e6,48,7b,4a,1a,6b,9a,a2,9e,aa,25,53,0f,04,\
d0,b9,14,00,00,00,dd,52,6d,85,ed,46,a2,4a,05,c5,21,36,01,6b,89,\
45,82,3f,6b,c8
Et a coté de sa (je n'arrirve pas à copier coller) il y a des mort à caractere bizarre que je ne comprend pas et CES MOTS sont contenue dans le message !!! Jespere que tu pourras éclairé tous sa !
Merci beaucoup , A+ !
J'ai essayer de trouver des infos sur mon probleme mais je ne trouve pas quelque chose de très clair .
Ce message s'affiche apres le chargement de windows mais avant l'écran de sessions !
Ce message je ne pense qui soit du genre Publicité mais personnelement je pense que soit il est du à un probleme dans le system ou dût à un virus qui à fait n'importe quoi ! Ce message est dans une langue totalement imcompréemsible ! Mais à force de chercher dans le registre avec Tune Up Registry editor j'ai trouver quelque chose d'interressant , j'ai trouver cette clé :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
Dedans il y a :
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,\
00,00,00,7a,68,71,4d,d6,bc,fb,42,81,51,47,58,1d,15,68,be,04,00,\
00,00,04,00,00,00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,\
00,30,aa,ac,ed,c7,e6,b3,02,bf,59,53,46,7d,80,93,19,00,00,00,00,\
04,80,00,00,a0,00,00,00,10,00,00,00,dc,e8,dc,1d,ba,10,80,44,19,\
3f,db,91,79,d9,e7,f0,b0,01,00,00,df,fd,79,32,83,84,4a,c3,c6,66,\
f1,6b,a1,81,f5,a1,da,b4,a0,14,a9,66,ac,0e,e0,4d,53,c8,c4,f2,37,\
5b,d1,f0,48,ac,8e,c6,6e,fd,14,cf,ae,3b,a0,b0,ac,c2,27,12,d1,fc,\
5f,6a,5c,b3,20,55,53,7d,c2,21,15,7f,ad,8f,12,b0,a2,8a,72,9f,2c,\
f8,c9,9a,f4,18,bf,8e,31,35,bf,fb,e0,35,58,6e,70,8b,00,05,3b,37,\
9b,38,66,ab,bb,df,40,e9,d8,80,2f,7c,50,fc,b1,b6,72,20,e4,97,aa,\
7d,62,7c,18,d7,3d,0b,00,80,b2,f1,a7,24,66,0f,5d,2f,3a,dc,ba,83,\
24,5d,1e,2b,b4,aa,ed,21,9d,85,41,43,e8,8b,d8,4a,fb,cb,7d,35,5b,\
e8,26,bc,c5,93,65,40,70,c0,39,6f,d2,b6,4e,a1,a9,96,4d,2e,c3,e4,\
4a,93,21,28,aa,32,90,4c,db,72,df,1c,fb,2b,20,d7,6c,86,bd,89,53,\
f0,e2,7a,2c,7a,c9,46,0b,ec,25,f3,bd,3a,aa,56,3c,5e,13,df,cb,df,\
1d,b9,7d,c6,e3,9c,9e,84,3f,a4,a5,ea,a1,3b,82,20,b4,cd,4a,26,1a,\
2e,ec,7d,81,e6,73,1d,a0,eb,21,dd,4c,e6,95,e9,df,93,06,99,e4,a0,\
51,fe,05,1a,91,ff,60,0e,c4,5e,9d,61,c6,df,c7,1e,7e,09,47,10,fe,\
5c,82,96,c6,24,b9,f2,74,4c,b5,ca,c2,d0,e5,81,20,98,12,34,c3,56,\
e2,68,6d,39,3f,b2,9e,18,4e,3b,87,a5,f1,63,b7,75,4f,91,fe,71,e5,\
6b,52,10,75,b2,da,fd,35,c5,5f,48,0b,3c,fb,79,37,21,b9,a9,e1,35,\
ec,b3,ad,4f,67,66,d8,2c,40,94,0d,9e,8c,b2,71,7d,00,cc,75,6b,f4,\
d3,91,8f,85,90,7a,84,f9,43,53,5a,19,84,41,d4,cd,76,ab,ce,3e,3c,\
29,4a,57,39,52,e1,f7,3a,93,84,e3,bf,90,cc,95,b4,60,68,7d,52,73,\
42,de,9c,82,4d,db,15,e6,48,7b,4a,1a,6b,9a,a2,9e,aa,25,53,0f,04,\
d0,b9,14,00,00,00,dd,52,6d,85,ed,46,a2,4a,05,c5,21,36,01,6b,89,\
45,82,3f,6b,c8
Et a coté de sa (je n'arrirve pas à copier coller) il y a des mort à caractere bizarre que je ne comprend pas et CES MOTS sont contenue dans le message !!! Jespere que tu pourras éclairé tous sa !
Merci beaucoup , A+ !
Re,
Voila un nouveau log HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49 , on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steganos Secure FileSharing 6\sfs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [System settings protector] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Ouvrir une &nouvelle fenêtre - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Recherche &Google - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116w.bay116.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://akilan0.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.absolute3d.net/Images/Grandes/Feu/43.jpg
Voila un nouveau log HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49 , on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steganos Secure FileSharing 6\sfs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [System settings protector] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Ouvrir une &nouvelle fenêtre - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Recherche &Google - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116w.bay116.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://akilan0.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.absolute3d.net/Images/Grandes/Feu/43.jpg
Re !
Tu a surement raison ! Je sur que sa va marcher si jarrive à le supprimer !
Mais malheuresement , au redemmarage toujours pareil , Pourquoi ?!
Parce-que en refaisant un scan Hijackthis ceci:
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
Est réapparu !!! Est-ce à cause de mes logiciel de protection registre ? Ou peut-etre est-ce à cause d'un virus ?
Merci A+ !
Tu a surement raison ! Je sur que sa va marcher si jarrive à le supprimer !
Mais malheuresement , au redemmarage toujours pareil , Pourquoi ?!
Parce-que en refaisant un scan Hijackthis ceci:
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
Est réapparu !!! Est-ce à cause de mes logiciel de protection registre ? Ou peut-etre est-ce à cause d'un virus ?
Merci A+ !
Re
Ouvre le bloc note et copie/colle ceci: (regedit4 sur la 1ere ligne)
Puis enregistrer sous et dans:
Nom du fichier, met bureau.reg
Type : sélectionne "tous les fichiers"
clique sur enregistrer
Double clique sur bureau.reg et accepte la fusion avec le registre.
regarde s il est supprimé
a+
Ouvre le bloc note et copie/colle ceci: (regedit4 sur la 1ere ligne)
REGEDIT4 [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
Puis enregistrer sous et dans:
Nom du fichier, met bureau.reg
Type : sélectionne "tous les fichiers"
clique sur enregistrer
Double clique sur bureau.reg et accepte la fusion avec le registre.
regarde s il est supprimé
a+
Re,
Il est bien supprimer mais il est revenut !!! J'ai fait comme tu m'as dit j'ai regarder dans Hijackthis apres pour voir si il a bien été supprimer mais lors du redemmarrage le message s'affiche !!! Alors j'ai Reregarder dans hijackthis et il est revenue !!!
Merci de ton aide ! Jespere qu'on réussira à le détruire!
A+
Il est bien supprimer mais il est revenut !!! J'ai fait comme tu m'as dit j'ai regarder dans Hijackthis apres pour voir si il a bien été supprimer mais lors du redemmarrage le message s'affiche !!! Alors j'ai Reregarder dans hijackthis et il est revenue !!!
Merci de ton aide ! Jespere qu'on réussira à le détruire!
A+
Re , Voila le log Combo Fix Suivi de HijackThis :
ComboFix 07-08-17.2 - "Propri‚taire" 2007-09-16 11:15:09.4 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.648 [GMT 2:00]
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-15 20:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 13:18 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-14 20:52 --------- d-------- C:\Program Files\eMule
2007-09-14 16:27 --------- d-------- C:\Program Files\McAfee
2007-09-09 10:24 --------- d-------- C:\Program Files\Microsoft Works
2007-09-08 18:30 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-07 17:35 --------- d-------- C:\Program Files\SiteAdvisor
2007-09-07 17:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\SiteAdvisor
2007-09-06 17:57 --------- d-------- C:\Program Files\GIMP-2.0
2007-09-04 13:42 737280 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 08:07 --------- d-------- C:\Program Files\Executive Software
2007-09-02 17:17 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-02 17:11 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
2007-08-28 19:23 --------- d-------- C:\Program Files\RootKit Hook Analyzer
2007-08-28 19:08 --------- d-------- C:\Program Files\Movie Maker
2007-08-28 18:56 65294 --a--c--- C:\WINDOWS\BricoPackUninst.cmd
2007-08-28 18:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-08-27 12:47 --------- d-------- C:\Program Files\GUILD WARS
2007-08-27 12:44 --------- d-------- C:\Program Files\Azureus
2007-08-27 12:44 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Vidalia
2007-08-23 16:48 --------- d-------- C:\Program Files\unCDcopy
2007-08-19 17:36 --------- d-------- C:\Program Files\Notepad++
2007-08-19 17:36 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Notepad++
2007-08-17 12:26 --------- d-------- C:\Program Files\WowCartographe
2007-08-17 12:25 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-17 12:25 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-08-17 12:10 2322176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-08-09 18:57 --------- d-------- C:\Program Files\World of Warcraft
2007-08-08 20:15 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 20:13 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
2007-08-06 12:49 --------- d-------- C:\Program Files\Speed Gear 5
2007-08-03 16:54 --------- d-------- C:\Program Files\autorun
2007-08-03 13:14 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-03 13:11 --------- d-------- C:\Program Files\Intel
2007-08-03 13:03 --------- d-------- C:\Program Files\Windows Media Components
2007-08-03 13:02 --------- d-------- C:\Program Files\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-01 15:39 --------- d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 14:59 --------- d-------- C:\Program Files\IVCsoft
2007-07-30 14:11 --------- d-------- C:\Program Files\YouTUBE (TM) movie downloader
2007-07-30 14:11 --------- d-------- C:\Program Files\AviSynth 2.5
2007-07-28 16:29 --------- d-------- C:\Program Files\Super X Studios
2007-07-28 16:27 --------- d-------- C:\Program Files\JeffProd
2007-07-28 13:22 --------- d-------- C:\Program Files\Fichiers communs\Atlence
2007-07-28 13:22 --------- d-------- C:\Program Files\Atlence
2007-07-27 14:20 --------- d-------- C:\Program Files\Windows Defender
2007-07-27 13:12 --------- d-------- C:\Program Files\SupraASCIIArt
2007-07-22 13:16 --------- d-------- C:\Program Files\CursorXP
2007-07-08 12:42 570 --a------ C:\execut.reg
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
--------- C:\Program Files\Hijackthis Version Française
--------- C:\Program Files\Autorun Créator
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 21:09]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-01 17:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System settings protector"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 16:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoActiveDesktop"=00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];\??\C:\WINDOWS\system32\drivers\SLEE503.sys
R2 SQLBrowser;SQL Server Browser;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 RSPSC;RSPSC;C:\WINDOWS\system32\drivers\rspsc.sys
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e459b3-dbde-11db-8e0c-000c76c10064}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
*Newly Created Service* - USNJSVC
Contents of the 'Scheduled Tasks' folder
2007-09-14 15:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-03-23 07:15:15 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-03-23 07:15:13 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-16 09:11:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-09-15 19:59:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 11:21:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-16 11:22:50
C:\ComboFix-quarantined-files.txt ... 2007-09-16 11:22
C:\ComboFix2.txt ... 2007-08-28 12:41
C:\ComboFix3.txt ... 2007-08-26 18:29
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13 , on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE by Papa !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [System settings protector] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Ouvrir une &nouvelle fenêtre - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Recherche &Google - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116w.bay116.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://MASQUER.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.absolute3d.net/Images/Grandes/Feu/43.jpg
ComboFix 07-08-17.2 - "Propri‚taire" 2007-09-16 11:15:09.4 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.648 [GMT 2:00]
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-15 20:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 13:18 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-14 20:52 --------- d-------- C:\Program Files\eMule
2007-09-14 16:27 --------- d-------- C:\Program Files\McAfee
2007-09-09 10:24 --------- d-------- C:\Program Files\Microsoft Works
2007-09-08 18:30 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-07 17:35 --------- d-------- C:\Program Files\SiteAdvisor
2007-09-07 17:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\SiteAdvisor
2007-09-06 17:57 --------- d-------- C:\Program Files\GIMP-2.0
2007-09-04 13:42 737280 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 08:07 --------- d-------- C:\Program Files\Executive Software
2007-09-02 17:17 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-02 17:11 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
2007-08-28 19:23 --------- d-------- C:\Program Files\RootKit Hook Analyzer
2007-08-28 19:08 --------- d-------- C:\Program Files\Movie Maker
2007-08-28 18:56 65294 --a--c--- C:\WINDOWS\BricoPackUninst.cmd
2007-08-28 18:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-08-27 12:47 --------- d-------- C:\Program Files\GUILD WARS
2007-08-27 12:44 --------- d-------- C:\Program Files\Azureus
2007-08-27 12:44 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Vidalia
2007-08-23 16:48 --------- d-------- C:\Program Files\unCDcopy
2007-08-19 17:36 --------- d-------- C:\Program Files\Notepad++
2007-08-19 17:36 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Notepad++
2007-08-17 12:26 --------- d-------- C:\Program Files\WowCartographe
2007-08-17 12:25 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-17 12:25 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-08-17 12:10 2322176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-08-09 18:57 --------- d-------- C:\Program Files\World of Warcraft
2007-08-08 20:15 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 20:13 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
2007-08-06 12:49 --------- d-------- C:\Program Files\Speed Gear 5
2007-08-03 16:54 --------- d-------- C:\Program Files\autorun
2007-08-03 13:14 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-03 13:11 --------- d-------- C:\Program Files\Intel
2007-08-03 13:03 --------- d-------- C:\Program Files\Windows Media Components
2007-08-03 13:02 --------- d-------- C:\Program Files\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-01 15:39 --------- d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 14:59 --------- d-------- C:\Program Files\IVCsoft
2007-07-30 14:11 --------- d-------- C:\Program Files\YouTUBE (TM) movie downloader
2007-07-30 14:11 --------- d-------- C:\Program Files\AviSynth 2.5
2007-07-28 16:29 --------- d-------- C:\Program Files\Super X Studios
2007-07-28 16:27 --------- d-------- C:\Program Files\JeffProd
2007-07-28 13:22 --------- d-------- C:\Program Files\Fichiers communs\Atlence
2007-07-28 13:22 --------- d-------- C:\Program Files\Atlence
2007-07-27 14:20 --------- d-------- C:\Program Files\Windows Defender
2007-07-27 13:12 --------- d-------- C:\Program Files\SupraASCIIArt
2007-07-22 13:16 --------- d-------- C:\Program Files\CursorXP
2007-07-08 12:42 570 --a------ C:\execut.reg
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
--------- C:\Program Files\Hijackthis Version Française
--------- C:\Program Files\Autorun Créator
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 21:09]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-01 17:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System settings protector"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 16:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoActiveDesktop"=00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];\??\C:\WINDOWS\system32\drivers\SLEE503.sys
R2 SQLBrowser;SQL Server Browser;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 RSPSC;RSPSC;C:\WINDOWS\system32\drivers\rspsc.sys
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e459b3-dbde-11db-8e0c-000c76c10064}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
*Newly Created Service* - USNJSVC
Contents of the 'Scheduled Tasks' folder
2007-09-14 15:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-03-23 07:15:15 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-03-23 07:15:13 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-16 09:11:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-09-15 19:59:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-16 11:21:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-16 11:22:50
C:\ComboFix-quarantined-files.txt ... 2007-09-16 11:22
C:\ComboFix2.txt ... 2007-08-28 12:41
C:\ComboFix3.txt ... 2007-08-26 18:29
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13 , on 16/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE by Papa !
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [System settings protector] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\88nbxcw2.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Ouvrir une &nouvelle fenêtre - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Recherche &Google - C:\Documents and Settings\Propriétaire\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116w.bay116.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://MASQUER.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://www.absolute3d.net/Images/Grandes/Feu/43.jpg
En re ! J'ai effectuer un scan avec un anti-rootkit , sa a peut-etre rien a voir mais il m'a trouvé des choses s'il te plaît est-ce que tu peux me l'analyser(le log) , il n'est pas très long le voila :
Service name Syscall Address Hooked Module Product Company Description
---------------------------------------------------------------------------------------------------------------------------------------------------------
NtClose, ZwClose 25 0xF74D4C58 YES Vax347b.sys Plug and Play BIOS Extension
NtCreateKey, ZwCreateKey 41 0xF74D4C10 YES Vax347b.sys Plug and Play BIOS Extension
NtCreatePagingFile, ZwCreatePagingFile 45 0xF74C8C70 YES Vax347b.sys Plug and Play BIOS Extension
NtEnumerateKey, ZwEnumerateKey 71 0xF74C94FE YES Vax347b.sys Plug and Play BIOS Extension
NtEnumerateValueKey, ZwEnumerateValueKey 73 0xF74D4D50 YES Vax347b.sys Plug and Play BIOS Extension
NtOpenKey, ZwOpenKey 119 0xF74D4BD4 YES Vax347b.sys Plug and Play BIOS Extension
NtQueryKey, ZwQueryKey 160 0xF74C951E YES Vax347b.sys Plug and Play BIOS Extension
NtQueryValueKey, ZwQueryValueKey 177 0xF74D4CA6 YES Vax347b.sys Plug and Play BIOS Extension
NtSetSystemPowerState, ZwSetSystemPowerState 241 0xF74D44F0 YES Vax347b.sys Plug and Play BIOS Extension
NtSetValueKey, ZwSetValueKey 247 0xF750C148 YES sptd.sys
Merci ! PS: C'est pas grave si tu ne l'analyse pas :-) !
Service name Syscall Address Hooked Module Product Company Description
---------------------------------------------------------------------------------------------------------------------------------------------------------
NtClose, ZwClose 25 0xF74D4C58 YES Vax347b.sys Plug and Play BIOS Extension
NtCreateKey, ZwCreateKey 41 0xF74D4C10 YES Vax347b.sys Plug and Play BIOS Extension
NtCreatePagingFile, ZwCreatePagingFile 45 0xF74C8C70 YES Vax347b.sys Plug and Play BIOS Extension
NtEnumerateKey, ZwEnumerateKey 71 0xF74C94FE YES Vax347b.sys Plug and Play BIOS Extension
NtEnumerateValueKey, ZwEnumerateValueKey 73 0xF74D4D50 YES Vax347b.sys Plug and Play BIOS Extension
NtOpenKey, ZwOpenKey 119 0xF74D4BD4 YES Vax347b.sys Plug and Play BIOS Extension
NtQueryKey, ZwQueryKey 160 0xF74C951E YES Vax347b.sys Plug and Play BIOS Extension
NtQueryValueKey, ZwQueryValueKey 177 0xF74D4CA6 YES Vax347b.sys Plug and Play BIOS Extension
NtSetSystemPowerState, ZwSetSystemPowerState 241 0xF74D44F0 YES Vax347b.sys Plug and Play BIOS Extension
NtSetValueKey, ZwSetValueKey 247 0xF750C148 YES sptd.sys
Merci ! PS: C'est pas grave si tu ne l'analyse pas :-) !
ok lol
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : C:\WINDOWS\iun6002.exe
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier : C:\WINDOWS\iun6002.exe
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
Re ! ^^ Voila le résultat du scan , rien de grave je suppose ? :
Scan taken on 18 Sep 2007 14:48:12 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
Merci !
Scan taken on 18 Sep 2007 14:48:12 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
Merci !
Hélas , le probleme est toujours la ! Jespere qu'on trouvera une solution !
Je vais essayer de mon côté de faire des recherches !
A+
Je vais essayer de mon côté de faire des recherches !
A+
Re, voila le log comboFix :
ComboFix 07-08-17.2 - "Propri‚taire" 2007-09-22 18:39:34.5 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.622 [GMT 2:00]
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-22 18:08 --------- d-------- C:\Program Files\Warcraft III (Lol si tu y joue mon seudo est FrDarkmort)
2007-09-22 12:33 --------- d-------- C:\Program Files\McAfee
2007-09-17 18:48 --------- d-------- C:\Program Files\eMule
2007-09-16 14:11 --------- d-------- C:\Program Files\GUILD WARS
2007-09-15 20:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 13:18 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-09 10:24 --------- d-------- C:\Program Files\Microsoft Works
2007-09-08 18:30 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-07 17:35 --------- d-------- C:\Program Files\SiteAdvisor
2007-09-07 17:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\SiteAdvisor
2007-09-06 17:57 --------- d-------- C:\Program Files\GIMP-2.0
2007-09-04 13:42 737280 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 08:07 --------- d-------- C:\Program Files\Executive Software
2007-09-02 17:17 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-02 17:11 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
2007-08-28 19:23 --------- d-------- C:\Program Files\RootKit Hook Analyzer
2007-08-28 19:08 --------- d-------- C:\Program Files\Movie Maker
2007-08-28 18:56 65294 --a--c--- C:\WINDOWS\BricoPackUninst.cmd
2007-08-28 18:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-08-27 12:44 --------- d-------- C:\Program Files\Azureus
2007-08-27 12:44 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Vidalia
2007-08-23 16:48 --------- d-------- C:\Program Files\unCDcopy
2007-08-20 18:29 --------- d-------- C:\Program Files\GBA
2007-08-19 17:36 --------- d-------- C:\Program Files\Notepad++
2007-08-19 17:36 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Notepad++
2007-08-17 12:26 --------- d-------- C:\Program Files\WowCartographe
2007-08-17 12:25 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-17 12:25 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-08-17 12:10 2322176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-08-09 18:57 --------- d-------- C:\Program Files\World of Warcraft
2007-08-08 20:15 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 20:13 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
2007-08-06 12:49 --------- d-------- C:\Program Files\Speed Gear 5
2007-08-03 13:14 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-03 13:11 --------- d-------- C:\Program Files\Intel
2007-08-03 13:03 --------- d-------- C:\Program Files\Windows Media Components
2007-08-03 13:02 --------- d-------- C:\Program Files\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-01 15:39 --------- d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 14:59 --------- d-------- C:\Program Files\IVCsoft
2007-07-30 14:11 --------- d-------- C:\Program Files\YouTUBE (TM) movie downloader
2007-07-30 14:11 --------- d-------- C:\Program Files\AviSynth 2.5
2007-07-28 16:29 --------- d-------- C:\Program Files\Super X Studios
2007-07-28 16:27 --------- d-------- C:\Program Files\JeffProd
2007-07-28 13:22 --------- d-------- C:\Program Files\Fichiers communs\Atlence
2007-07-28 13:22 --------- d-------- C:\Program Files\Atlence
2007-07-27 14:20 --------- d-------- C:\Program Files\Windows Defender
2007-07-27 13:12 --------- d-------- C:\Program Files\SupraASCIIArt
2007-07-22 13:16 --------- d-------- C:\Program Files\CursorXP
2007-07-08 12:42 570 --a------ C:\execut.reg
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
--------- C:\Program Files\Hijackthis Version Française
--------- C:\Program Files\Autorun Créator
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 21:09]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-01 17:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System settings protector"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 16:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];\??\C:\WINDOWS\system32\drivers\SLEE503.sys
R2 SQLBrowser;SQL Server Browser;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 RSPSC;RSPSC;C:\WINDOWS\system32\drivers\rspsc.sys
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e459b3-dbde-11db-8e0c-000c76c10064}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
Contents of the 'Scheduled Tasks' folder
2007-09-21 15:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-03-23 07:15:15 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-03-23 07:15:13 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-22 14:59:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-09-22 15:59:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 18:44:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-22 18:47:06
C:\ComboFix-quarantined-files.txt ... 2007-09-22 18:46
C:\ComboFix2.txt ... 2007-09-16 11:22
C:\ComboFix3.txt ... 2007-08-28 12:41
--- E O F ---
ComboFix 07-08-17.2 - "Propri‚taire" 2007-09-22 18:39:34.5 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.622 [GMT 2:00]
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-09-22 18:08 --------- d-------- C:\Program Files\Warcraft III (Lol si tu y joue mon seudo est FrDarkmort)
2007-09-22 12:33 --------- d-------- C:\Program Files\McAfee
2007-09-17 18:48 --------- d-------- C:\Program Files\eMule
2007-09-16 14:11 --------- d-------- C:\Program Files\GUILD WARS
2007-09-15 20:35 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-15 13:18 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-09 10:24 --------- d-------- C:\Program Files\Microsoft Works
2007-09-08 18:30 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-07 17:35 --------- d-------- C:\Program Files\SiteAdvisor
2007-09-07 17:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\SiteAdvisor
2007-09-06 17:57 --------- d-------- C:\Program Files\GIMP-2.0
2007-09-04 13:42 737280 --a--c--- C:\WINDOWS\iun6002.exe
2007-09-04 08:07 --------- d-------- C:\Program Files\Executive Software
2007-09-02 17:17 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-02 17:11 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
2007-08-28 19:23 --------- d-------- C:\Program Files\RootKit Hook Analyzer
2007-08-28 19:08 --------- d-------- C:\Program Files\Movie Maker
2007-08-28 18:56 65294 --a--c--- C:\WINDOWS\BricoPackUninst.cmd
2007-08-28 18:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-08-27 12:44 --------- d-------- C:\Program Files\Azureus
2007-08-27 12:44 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Vidalia
2007-08-23 16:48 --------- d-------- C:\Program Files\unCDcopy
2007-08-20 18:29 --------- d-------- C:\Program Files\GBA
2007-08-19 17:36 --------- d-------- C:\Program Files\Notepad++
2007-08-19 17:36 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Notepad++
2007-08-17 12:26 --------- d-------- C:\Program Files\WowCartographe
2007-08-17 12:25 --------- d-------- C:\Program Files\TuneUp Utilities 2007
2007-08-17 12:25 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-08-17 12:10 2322176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-08-09 18:57 --------- d-------- C:\Program Files\World of Warcraft
2007-08-08 20:15 --------- d-------- C:\Program Files\Lavasoft
2007-08-08 20:13 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
2007-08-06 12:49 --------- d-------- C:\Program Files\Speed Gear 5
2007-08-03 13:14 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-03 13:11 --------- d-------- C:\Program Files\Intel
2007-08-03 13:03 --------- d-------- C:\Program Files\Windows Media Components
2007-08-03 13:02 --------- d-------- C:\Program Files\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-03 13:02 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-01 15:39 --------- d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 14:59 --------- d-------- C:\Program Files\IVCsoft
2007-07-30 14:11 --------- d-------- C:\Program Files\YouTUBE (TM) movie downloader
2007-07-30 14:11 --------- d-------- C:\Program Files\AviSynth 2.5
2007-07-28 16:29 --------- d-------- C:\Program Files\Super X Studios
2007-07-28 16:27 --------- d-------- C:\Program Files\JeffProd
2007-07-28 13:22 --------- d-------- C:\Program Files\Fichiers communs\Atlence
2007-07-28 13:22 --------- d-------- C:\Program Files\Atlence
2007-07-27 14:20 --------- d-------- C:\Program Files\Windows Defender
2007-07-27 13:12 --------- d-------- C:\Program Files\SupraASCIIArt
2007-07-22 13:16 --------- d-------- C:\Program Files\CursorXP
2007-07-08 12:42 570 --a------ C:\execut.reg
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2005-05-12 00:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll
--------- C:\Program Files\Hijackthis Version Française
--------- C:\Program Files\Autorun Créator
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 21:09]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-08-01 17:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System settings protector"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 16:16]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];\??\C:\WINDOWS\system32\drivers\SLEE503.sys
R2 SQLBrowser;SQL Server Browser;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 RSPSC;RSPSC;C:\WINDOWS\system32\drivers\rspsc.sys
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e459b3-dbde-11db-8e0c-000c76c10064}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
Contents of the 'Scheduled Tasks' folder
2007-09-21 15:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
2007-03-23 07:15:15 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-03-23 07:15:13 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-09-22 14:59:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-09-22 15:59:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 18:44:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-09-22 18:47:06
C:\ComboFix-quarantined-files.txt ... 2007-09-22 18:46
C:\ComboFix2.txt ... 2007-09-16 11:22
C:\ComboFix3.txt ... 2007-08-28 12:41
--- E O F ---
