Pc infecté Help Me
Résolu
moinele
Messages postés
138
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour a tous,
je viens d'effectuer un scan anti virus avec kaspersky online il m'a trouvé 4 virus et 21 fichiers infectés!
j'ai lancé hijackthis mais impossible de retrouvé le rapport!
quelqun pourrait il m'aider a me desinfecté!
j'utilise mon pc perso pour le taff
merci de m'aider
@+
je viens d'effectuer un scan anti virus avec kaspersky online il m'a trouvé 4 virus et 21 fichiers infectés!
j'ai lancé hijackthis mais impossible de retrouvé le rapport!
quelqun pourrait il m'aider a me desinfecté!
j'utilise mon pc perso pour le taff
merci de m'aider
@+
A voir également:
- Pc infecté Help Me
- Reinitialiser pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Double ecran pc - Guide
- Forcer demarrage pc - Guide
148 réponses
ComboFix 07-08-14.4 - "Propri‚taire" 2007-08-18 19:12:46.3 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.512 [GMT 2:00]
Command switches used :: /wow
[i] ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: Le fichier spécifié est introuvable. [/i]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\PROPRI~1\APPLIC~1.\hidires
C:\DOCUME~1\PROPRI~1\APPLIC~1.\hidires\hidr.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1.\hidires\rosa.sys
C:\WINDOWS\system32\nvs2.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))
2007-08-18 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-18 17:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-18 17:02 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-08-18 16:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-17 21:19 <REP> d-------- C:\Program Files\FileASSASSIN
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Comodo
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-17 18:16 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-17 18:11 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-08-17 18:11 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-08-17 18:11 <REP> d-------- C:\Program Files\Comodo
2007-08-17 18:08 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-08-17 18:02 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-14 17:50 60,084 --a------ C:\WINDOWS\system32\drivers\srosa.sys
2007-08-13 09:05 54,452 --a------ C:\WINDOWS\system32\drivers\pci32.sys
2007-08-09 16:34 272,794 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-09 16:34 <REP> d-------- C:\WINDOWS\exefnd
2007-08-08 20:15 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia Multimedia Player
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-08-07 15:48 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ROUTE 66 Sync
2007-08-07 15:39 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeAUM
2007-08-07 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-08-03 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-03 17:24 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-08-03 17:24 <REP> d-------- C:\Program Files\DIFX
2007-08-03 17:24 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\PC Suite
2007-08-03 17:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-30 17:21 <REP> d-------- C:\Program Files\Curious Labs
2007-07-30 16:54 <REP> d-------- C:\Program Files\Dark Basic Software
2007-07-29 16:52 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-07-27 23:16 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Joost
2007-07-27 19:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-07-27 19:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-27 19:59 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-07-27 19:59 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-27 19:59 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-27 19:59 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-27 02:16 <REP> d-------- C:\Program Files\Live_TV
2007-07-25 15:55 <REP> d-------- C:\Program Files\ItsLabel
2007-07-25 15:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
2007-07-24 19:56 <REP> d-------- C:\DJGateFirst
2007-07-24 19:55 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-22 19:39 3,107 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-07-22 19:35 <REP> d-------- C:\Program Files\foobar2000
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 17:45 --------- d-------- C:\Program Files\Sony
2007-08-18 17:43 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-18 17:29 --------- d-------- C:\Program Files\Zylom Games
2007-08-18 17:25 --------- d-------- C:\Program Files\Opera
2007-08-18 17:21 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-18 17:20 --------- d-a------ C:\Program Files\Easy Internet signup
2007-08-18 17:19 --------- d-------- C:\Program Files\BeClean
2007-08-17 23:19 --------- d-------- C:\Program Files\a-squared Free
2007-08-17 20:50 --------- d-------- C:\Program Files\eMule
2007-08-17 18:55 --------- d-------- C:\Program Files\SuperCopier2
2007-08-17 18:54 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 18:54 --------- d-------- C:\Program Files\Google
2007-08-14 20:32 --------- d-------- C:\Program Files\Online TV Player
2007-08-10 18:30 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
2007-08-07 20:04 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
2007-08-07 16:14 --------- d-------- C:\Program Files\Nokia
2007-08-07 15:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-07 15:26 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-07 15:23 --------- d-------- C:\Program Files\Ulead Systems
2007-08-07 15:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 18:58 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia
2007-08-03 00:13 --------- d-------- C:\Program Files\PartyGaming
2007-07-29 19:52 --------- d-------- C:\Program Files\eoRezo
2007-07-29 19:52 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
2007-07-29 17:06 --------- d-------- C:\Program Files\WebEye
2007-07-29 17:06 --------- d-------- C:\Program Files\TuneUp Utilities 2006
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\OTVREG
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-22 19:39 413048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 21:20 --------- d-------- C:\Program Files\Oak Systems
2007-07-07 16:17 --------- d-------- C:\Program Files\CCleaner
2007-07-06 04:13 --------- d-------- C:\Program Files\Audacity
2007-07-06 04:11 --------- d-------- C:\Program Files\PiloteContactV2
2007-07-06 04:11 --------- d-------- C:\Program Files\Fichiers communs\SONY Digital Images
2007-07-06 04:10 --------- d-------- C:\Program Files\PeerTV
2007-07-06 04:09 --------- d-a------ C:\Program Files\Microsoft AutoRoute
2007-07-06 04:09 --------- d-a------ C:\Program Files\InterVideo
2007-07-06 04:09 --------- d-------- C:\Program Files\Web TV
2007-07-06 04:09 --------- d-------- C:\Program Files\mp3cd
2007-07-06 03:16 --------- d-------- C:\Program Files\DivX
2007-07-06 03:01 --------- d-------- C:\Program Files\muvee Technologies
2007-07-06 03:01 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-03 02:32 --------- d-------- C:\Program Files\Magellan
2007-06-30 02:21 --------- d-------- C:\Program Files\Activision
2007-06-29 15:22 --------- d-------- C:\Program Files\Red Kawa
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 01:35 --------- d-------- C:\Program Files\Winamp
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2006-12-11 22:40 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-09 16:59 76 --ah----- C:\Program Files\Desktop.ini
2006-02-18 03:17 36868 --a------ C:\Program Files\uninst-shine.exe
2006-01-30 00:18 231 --a------ C:\Program Files\INSTALL.LOG
--------- C:\Program Files\Hijackthis Version Française
2005-12-28 04:21:21 56 --sh--r C:\WINDOWS\system32\4D8204BC78.sys
2006-02-20 21:56:52 8 --sh--r C:\WINDOWS\system32\928FA019FB.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ForceActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\Comodo\Firewall\CPF.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO36]
C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"c:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
"C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp]
C:\WINDOWS\switpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
"C:\Program Files\Winsos\WINSOS.EXE" MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2006-02-12 04:18:51 C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-02-12 04:18:44 C:\WINDOWS\Tasks\Connexion facile à Internet.job
2007-08-17 15:24:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 19:21:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-18 19:27:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 19:27
--- E O F ---
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.512 [GMT 2:00]
Command switches used :: /wow
[i] ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: Le fichier spécifié est introuvable. [/i]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\PROPRI~1\APPLIC~1.\hidires
C:\DOCUME~1\PROPRI~1\APPLIC~1.\hidires\hidr.exe
C:\DOCUME~1\PROPRI~1\APPLIC~1.\hidires\rosa.sys
C:\WINDOWS\system32\nvs2.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))
2007-08-18 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-18 17:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-18 17:02 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-08-18 16:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-17 21:19 <REP> d-------- C:\Program Files\FileASSASSIN
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Comodo
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-17 18:16 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-17 18:11 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-08-17 18:11 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-08-17 18:11 <REP> d-------- C:\Program Files\Comodo
2007-08-17 18:08 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-08-17 18:02 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-14 17:50 60,084 --a------ C:\WINDOWS\system32\drivers\srosa.sys
2007-08-13 09:05 54,452 --a------ C:\WINDOWS\system32\drivers\pci32.sys
2007-08-09 16:34 272,794 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-09 16:34 <REP> d-------- C:\WINDOWS\exefnd
2007-08-08 20:15 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia Multimedia Player
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-08-07 15:48 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ROUTE 66 Sync
2007-08-07 15:39 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeAUM
2007-08-07 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-08-03 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-03 17:24 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-08-03 17:24 <REP> d-------- C:\Program Files\DIFX
2007-08-03 17:24 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\PC Suite
2007-08-03 17:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-30 17:21 <REP> d-------- C:\Program Files\Curious Labs
2007-07-30 16:54 <REP> d-------- C:\Program Files\Dark Basic Software
2007-07-29 16:52 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-07-27 23:16 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Joost
2007-07-27 19:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-07-27 19:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-27 19:59 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-07-27 19:59 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-27 19:59 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-27 19:59 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-27 02:16 <REP> d-------- C:\Program Files\Live_TV
2007-07-25 15:55 <REP> d-------- C:\Program Files\ItsLabel
2007-07-25 15:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
2007-07-24 19:56 <REP> d-------- C:\DJGateFirst
2007-07-24 19:55 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-22 19:39 3,107 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-07-22 19:35 <REP> d-------- C:\Program Files\foobar2000
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 17:45 --------- d-------- C:\Program Files\Sony
2007-08-18 17:43 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-18 17:29 --------- d-------- C:\Program Files\Zylom Games
2007-08-18 17:25 --------- d-------- C:\Program Files\Opera
2007-08-18 17:21 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-18 17:20 --------- d-a------ C:\Program Files\Easy Internet signup
2007-08-18 17:19 --------- d-------- C:\Program Files\BeClean
2007-08-17 23:19 --------- d-------- C:\Program Files\a-squared Free
2007-08-17 20:50 --------- d-------- C:\Program Files\eMule
2007-08-17 18:55 --------- d-------- C:\Program Files\SuperCopier2
2007-08-17 18:54 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 18:54 --------- d-------- C:\Program Files\Google
2007-08-14 20:32 --------- d-------- C:\Program Files\Online TV Player
2007-08-10 18:30 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
2007-08-07 20:04 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
2007-08-07 16:14 --------- d-------- C:\Program Files\Nokia
2007-08-07 15:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-07 15:26 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-07 15:23 --------- d-------- C:\Program Files\Ulead Systems
2007-08-07 15:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 18:58 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia
2007-08-03 00:13 --------- d-------- C:\Program Files\PartyGaming
2007-07-29 19:52 --------- d-------- C:\Program Files\eoRezo
2007-07-29 19:52 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
2007-07-29 17:06 --------- d-------- C:\Program Files\WebEye
2007-07-29 17:06 --------- d-------- C:\Program Files\TuneUp Utilities 2006
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\OTVREG
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-22 19:39 413048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 21:20 --------- d-------- C:\Program Files\Oak Systems
2007-07-07 16:17 --------- d-------- C:\Program Files\CCleaner
2007-07-06 04:13 --------- d-------- C:\Program Files\Audacity
2007-07-06 04:11 --------- d-------- C:\Program Files\PiloteContactV2
2007-07-06 04:11 --------- d-------- C:\Program Files\Fichiers communs\SONY Digital Images
2007-07-06 04:10 --------- d-------- C:\Program Files\PeerTV
2007-07-06 04:09 --------- d-a------ C:\Program Files\Microsoft AutoRoute
2007-07-06 04:09 --------- d-a------ C:\Program Files\InterVideo
2007-07-06 04:09 --------- d-------- C:\Program Files\Web TV
2007-07-06 04:09 --------- d-------- C:\Program Files\mp3cd
2007-07-06 03:16 --------- d-------- C:\Program Files\DivX
2007-07-06 03:01 --------- d-------- C:\Program Files\muvee Technologies
2007-07-06 03:01 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-03 02:32 --------- d-------- C:\Program Files\Magellan
2007-06-30 02:21 --------- d-------- C:\Program Files\Activision
2007-06-29 15:22 --------- d-------- C:\Program Files\Red Kawa
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 01:35 --------- d-------- C:\Program Files\Winamp
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2006-12-11 22:40 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-09 16:59 76 --ah----- C:\Program Files\Desktop.ini
2006-02-18 03:17 36868 --a------ C:\Program Files\uninst-shine.exe
2006-01-30 00:18 231 --a------ C:\Program Files\INSTALL.LOG
--------- C:\Program Files\Hijackthis Version Française
2005-12-28 04:21:21 56 --sh--r C:\WINDOWS\system32\4D8204BC78.sys
2006-02-20 21:56:52 8 --sh--r C:\WINDOWS\system32\928FA019FB.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ForceActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\Comodo\Firewall\CPF.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO36]
C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"c:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
"C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp]
C:\WINDOWS\switpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
"C:\Program Files\Winsos\WINSOS.EXE" MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2006-02-12 04:18:51 C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-02-12 04:18:44 C:\WINDOWS\Tasks\Connexion facile à Internet.job
2007-08-17 15:24:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 19:21:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-18 19:27:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 19:27
--- E O F ---
Sgrunt: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\*!=W
=4
CoolWWWSearch: Domain settings (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwwwsearch.
com\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.c
om\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=
W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*
!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.co
m\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.co
m\*!=W=4
MediaMotor: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\elitemediagroup.
net\*!=W=4
MediaMotor: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
\*!=W=4
MediaMotor: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com\*!
=W=4
Smitfraud-C.: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*!=W
=4
XPreload: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sxload.com\*!=
W=4
BlueStreak: Cookie traceur (Internet Explorer: Propriétaire) (Cookie, nothing done)
HitsLink: Cookie traceur (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-15 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-15 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-15 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-15 Includes\MalwareC.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-08-15 Includes\PUPSC.sbi (*)
2007-08-15 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-15 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-15 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-15 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\*!=W
=4
CoolWWWSearch: Domain settings (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwwwsearch.
com\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.c
om\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=
W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*
!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.co
m\*!=W=4
CoolWWWSearch.BadZoneMap: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.co
m\*!=W=4
MediaMotor: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\elitemediagroup.
net\*!=W=4
MediaMotor: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
\*!=W=4
MediaMotor: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com\*!
=W=4
Smitfraud-C.: Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*!=W
=4
XPreload: Réglages utilisateur (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-708563631-2690782565-4058356187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sxload.com\*!=
W=4
BlueStreak: Cookie traceur (Internet Explorer: Propriétaire) (Cookie, nothing done)
HitsLink: Cookie traceur (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-18 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-15 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-15 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-15 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-15 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-15 Includes\MalwareC.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-08-15 Includes\PUPSC.sbi (*)
2007-08-15 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-15 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-15 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-15 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ComboFix 07-08-14.4 - "Propri‚taire" 2007-08-18 20:12:45.5 - NTFSx86 MINIMAL
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.751 [GMT 2:00]
Command switches used :: /wow
[i] ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: Le fichier spécifié est introuvable. [/i]
((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))
2007-08-18 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-18 17:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-18 17:02 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-08-18 16:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-17 21:19 <REP> d-------- C:\Program Files\FileASSASSIN
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Comodo
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-17 18:16 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-17 18:11 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-08-17 18:11 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-08-17 18:11 <REP> d-------- C:\Program Files\Comodo
2007-08-17 18:08 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-08-17 18:02 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-14 17:50 60,084 --a------ C:\WINDOWS\system32\drivers\srosa.sys
2007-08-13 09:05 54,452 --a------ C:\WINDOWS\system32\drivers\pci32.sys
2007-08-09 16:34 272,794 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-09 16:34 <REP> d-------- C:\WINDOWS\exefnd
2007-08-08 20:15 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia Multimedia Player
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-08-07 15:48 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ROUTE 66 Sync
2007-08-07 15:39 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeAUM
2007-08-07 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-08-03 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-03 17:24 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-08-03 17:24 <REP> d-------- C:\Program Files\DIFX
2007-08-03 17:24 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\PC Suite
2007-08-03 17:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-30 17:21 <REP> d-------- C:\Program Files\Curious Labs
2007-07-30 16:54 <REP> d-------- C:\Program Files\Dark Basic Software
2007-07-29 16:52 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-07-27 23:16 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Joost
2007-07-27 19:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-07-27 19:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-27 19:59 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-07-27 19:59 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-27 19:59 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-27 19:59 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-27 02:16 <REP> d-------- C:\Program Files\Live_TV
2007-07-25 15:55 <REP> d-------- C:\Program Files\ItsLabel
2007-07-25 15:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
2007-07-24 19:56 <REP> d-------- C:\DJGateFirst
2007-07-24 19:55 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-22 19:39 3,107 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-07-22 19:35 <REP> d-------- C:\Program Files\foobar2000
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 17:45 --------- d-------- C:\Program Files\Sony
2007-08-18 17:43 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-18 17:29 --------- d-------- C:\Program Files\Zylom Games
2007-08-18 17:25 --------- d-------- C:\Program Files\Opera
2007-08-18 17:21 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-18 17:20 --------- d-a------ C:\Program Files\Easy Internet signup
2007-08-18 17:19 --------- d-------- C:\Program Files\BeClean
2007-08-17 23:19 --------- d-------- C:\Program Files\a-squared Free
2007-08-17 20:50 --------- d-------- C:\Program Files\eMule
2007-08-17 18:55 --------- d-------- C:\Program Files\SuperCopier2
2007-08-17 18:54 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 18:54 --------- d-------- C:\Program Files\Google
2007-08-14 20:32 --------- d-------- C:\Program Files\Online TV Player
2007-08-10 18:30 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
2007-08-07 20:04 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
2007-08-07 16:14 --------- d-------- C:\Program Files\Nokia
2007-08-07 15:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-07 15:26 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-07 15:23 --------- d-------- C:\Program Files\Ulead Systems
2007-08-07 15:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 18:58 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia
2007-08-03 00:13 --------- d-------- C:\Program Files\PartyGaming
2007-07-29 19:52 --------- d-------- C:\Program Files\eoRezo
2007-07-29 19:52 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
2007-07-29 17:06 --------- d-------- C:\Program Files\WebEye
2007-07-29 17:06 --------- d-------- C:\Program Files\TuneUp Utilities 2006
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\OTVREG
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-22 19:39 413048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 21:20 --------- d-------- C:\Program Files\Oak Systems
2007-07-07 16:17 --------- d-------- C:\Program Files\CCleaner
2007-07-06 04:13 --------- d-------- C:\Program Files\Audacity
2007-07-06 04:11 --------- d-------- C:\Program Files\PiloteContactV2
2007-07-06 04:11 --------- d-------- C:\Program Files\Fichiers communs\SONY Digital Images
2007-07-06 04:10 --------- d-------- C:\Program Files\PeerTV
2007-07-06 04:09 --------- d-a------ C:\Program Files\Microsoft AutoRoute
2007-07-06 04:09 --------- d-a------ C:\Program Files\InterVideo
2007-07-06 04:09 --------- d-------- C:\Program Files\Web TV
2007-07-06 04:09 --------- d-------- C:\Program Files\mp3cd
2007-07-06 03:16 --------- d-------- C:\Program Files\DivX
2007-07-06 03:01 --------- d-------- C:\Program Files\muvee Technologies
2007-07-06 03:01 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-03 02:32 --------- d-------- C:\Program Files\Magellan
2007-06-30 02:21 --------- d-------- C:\Program Files\Activision
2007-06-29 15:22 --------- d-------- C:\Program Files\Red Kawa
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 01:35 --------- d-------- C:\Program Files\Winamp
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2006-12-11 22:40 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-09 16:59 76 --ah----- C:\Program Files\Desktop.ini
2006-02-18 03:17 36868 --a------ C:\Program Files\uninst-shine.exe
2006-01-30 00:18 231 --a------ C:\Program Files\INSTALL.LOG
--------- C:\Program Files\Hijackthis Version Française
2005-12-28 04:21:21 56 --sh--r C:\WINDOWS\system32\4D8204BC78.sys
2006-02-20 21:56:52 8 --sh--r C:\WINDOWS\system32\928FA019FB.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 08:23]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ForceActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\Comodo\Firewall\CPF.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO36]
C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"c:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
"C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp]
C:\WINDOWS\switpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
"C:\Program Files\Winsos\WINSOS.EXE" MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
S2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
S2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2006-02-12 04:18:51 C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-02-12 04:18:44 C:\WINDOWS\Tasks\Connexion facile à Internet.job
2007-08-17 15:24:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 20:13:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-18 20:15:05
C:\ComboFix-quarantined-files.txt ... 2007-08-18 20:14
C:\ComboFix2.txt ... 2007-08-18 19:27
--- E O F ---
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.751 [GMT 2:00]
Command switches used :: /wow
[i] ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: Le fichier spécifié est introuvable. [/i]
((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))
2007-08-18 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-18 17:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-18 17:02 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-08-18 16:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-17 21:19 <REP> d-------- C:\Program Files\FileASSASSIN
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Comodo
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-17 18:16 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-17 18:11 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-08-17 18:11 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-08-17 18:11 <REP> d-------- C:\Program Files\Comodo
2007-08-17 18:08 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-08-17 18:02 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-14 17:50 60,084 --a------ C:\WINDOWS\system32\drivers\srosa.sys
2007-08-13 09:05 54,452 --a------ C:\WINDOWS\system32\drivers\pci32.sys
2007-08-09 16:34 272,794 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-09 16:34 <REP> d-------- C:\WINDOWS\exefnd
2007-08-08 20:15 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia Multimedia Player
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-08-07 15:48 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ROUTE 66 Sync
2007-08-07 15:39 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeAUM
2007-08-07 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-08-03 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-03 17:24 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-08-03 17:24 <REP> d-------- C:\Program Files\DIFX
2007-08-03 17:24 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\PC Suite
2007-08-03 17:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-30 17:21 <REP> d-------- C:\Program Files\Curious Labs
2007-07-30 16:54 <REP> d-------- C:\Program Files\Dark Basic Software
2007-07-29 16:52 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-07-27 23:16 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Joost
2007-07-27 19:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-07-27 19:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-27 19:59 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-07-27 19:59 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-27 19:59 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-27 19:59 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-27 02:16 <REP> d-------- C:\Program Files\Live_TV
2007-07-25 15:55 <REP> d-------- C:\Program Files\ItsLabel
2007-07-25 15:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
2007-07-24 19:56 <REP> d-------- C:\DJGateFirst
2007-07-24 19:55 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-22 19:39 3,107 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-07-22 19:35 <REP> d-------- C:\Program Files\foobar2000
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 17:45 --------- d-------- C:\Program Files\Sony
2007-08-18 17:43 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-18 17:29 --------- d-------- C:\Program Files\Zylom Games
2007-08-18 17:25 --------- d-------- C:\Program Files\Opera
2007-08-18 17:21 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-18 17:20 --------- d-a------ C:\Program Files\Easy Internet signup
2007-08-18 17:19 --------- d-------- C:\Program Files\BeClean
2007-08-17 23:19 --------- d-------- C:\Program Files\a-squared Free
2007-08-17 20:50 --------- d-------- C:\Program Files\eMule
2007-08-17 18:55 --------- d-------- C:\Program Files\SuperCopier2
2007-08-17 18:54 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 18:54 --------- d-------- C:\Program Files\Google
2007-08-14 20:32 --------- d-------- C:\Program Files\Online TV Player
2007-08-10 18:30 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
2007-08-07 20:04 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
2007-08-07 16:14 --------- d-------- C:\Program Files\Nokia
2007-08-07 15:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-07 15:26 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-07 15:23 --------- d-------- C:\Program Files\Ulead Systems
2007-08-07 15:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 18:58 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia
2007-08-03 00:13 --------- d-------- C:\Program Files\PartyGaming
2007-07-29 19:52 --------- d-------- C:\Program Files\eoRezo
2007-07-29 19:52 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
2007-07-29 17:06 --------- d-------- C:\Program Files\WebEye
2007-07-29 17:06 --------- d-------- C:\Program Files\TuneUp Utilities 2006
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\OTVREG
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-22 19:39 413048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 21:20 --------- d-------- C:\Program Files\Oak Systems
2007-07-07 16:17 --------- d-------- C:\Program Files\CCleaner
2007-07-06 04:13 --------- d-------- C:\Program Files\Audacity
2007-07-06 04:11 --------- d-------- C:\Program Files\PiloteContactV2
2007-07-06 04:11 --------- d-------- C:\Program Files\Fichiers communs\SONY Digital Images
2007-07-06 04:10 --------- d-------- C:\Program Files\PeerTV
2007-07-06 04:09 --------- d-a------ C:\Program Files\Microsoft AutoRoute
2007-07-06 04:09 --------- d-a------ C:\Program Files\InterVideo
2007-07-06 04:09 --------- d-------- C:\Program Files\Web TV
2007-07-06 04:09 --------- d-------- C:\Program Files\mp3cd
2007-07-06 03:16 --------- d-------- C:\Program Files\DivX
2007-07-06 03:01 --------- d-------- C:\Program Files\muvee Technologies
2007-07-06 03:01 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-03 02:32 --------- d-------- C:\Program Files\Magellan
2007-06-30 02:21 --------- d-------- C:\Program Files\Activision
2007-06-29 15:22 --------- d-------- C:\Program Files\Red Kawa
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-20 01:35 --------- d-------- C:\Program Files\Winamp
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2006-12-11 22:40 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-05-09 16:59 76 --ah----- C:\Program Files\Desktop.ini
2006-02-18 03:17 36868 --a------ C:\Program Files\uninst-shine.exe
2006-01-30 00:18 231 --a------ C:\Program Files\INSTALL.LOG
--------- C:\Program Files\Hijackthis Version Française
2005-12-28 04:21:21 56 --sh--r C:\WINDOWS\system32\4D8204BC78.sys
2006-02-20 21:56:52 8 --sh--r C:\WINDOWS\system32\928FA019FB.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 08:23]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ForceActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\Comodo\Firewall\CPF.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO36]
C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"c:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
"C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp]
C:\WINDOWS\switpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
"C:\Program Files\Winsos\WINSOS.EXE" MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
S2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
S2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2006-02-12 04:18:51 C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-02-12 04:18:44 C:\WINDOWS\Tasks\Connexion facile à Internet.job
2007-08-17 15:24:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 20:13:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-18 20:15:05
C:\ComboFix-quarantined-files.txt ... 2007-08-18 20:14
C:\ComboFix2.txt ... 2007-08-18 19:27
--- E O F ---
Apres analyse par Virus total:
pour C:\WINDOWS\system32\4D8204BC78.sys 0/32 0%
pour C:\WINDOWS\system32\928FA019FB.sys 0/32 0%
pour C:\WINDOWS\system32\4D8204BC78.sys 0/32 0%
pour C:\WINDOWS\system32\928FA019FB.sys 0/32 0%
curieux quand-m^me !
renommes-les en :
pour C:\WINDOWS\system32\4D8204BC78.sys.vir
pour C:\WINDOWS\system32\928FA019FB.sys.vir
je me méfie, google ne connait pas et dans ce cas la méfiance est de rigeur...
renommes-les en :
pour C:\WINDOWS\system32\4D8204BC78.sys.vir
pour C:\WINDOWS\system32\928FA019FB.sys.vir
je me méfie, google ne connait pas et dans ce cas la méfiance est de rigeur...
20/08/2007 a 11:03:42,50
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\kernel???.exe FOUND
C:\WINDOWS\system32\kernel??.exe FOUND
C:\WINDOWS\system32\kernel?.exe FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" FOUND
"C:\Program Files\PartyGaming\" FOUND
*** Fin du rapport !
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\kernel???.exe FOUND
C:\WINDOWS\system32\kernel??.exe FOUND
C:\WINDOWS\system32\kernel?.exe FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" FOUND
"C:\Program Files\PartyGaming\" FOUND
*** Fin du rapport !
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 20/08/2007 a 15:06:17,04
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\kernel???.exe
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll"
tentative de suppression de "C:\Program Files\PartyGaming\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 20/08/2007 a 15:06:17,04
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\ALCXMNTR.EXE
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\kernel???.exe
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll"
tentative de suppression de "C:\Program Files\PartyGaming\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
En mode Normal
20/08/2007 a 20:57:48,03
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
20/08/2007 a 20:57:48,03
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
autrement Phylo que penses-tu de ma protection Antivir en AV et Comodo Firewall?
j'effectue regulierement des nettoyage avec spybot et c clean y a t'il d'autre manip a faire regulierement?
dois-je mettre maintenant probleme resolu?
encore Merci de ton aide
j'effectue regulierement des nettoyage avec spybot et c clean y a t'il d'autre manip a faire regulierement?
dois-je mettre maintenant probleme resolu?
encore Merci de ton aide
Allo Moinele !
Je suis de retour brièvement ,
J'ai fais un petit voyage de dépaysement !
Fait du bien .
Écoutes, si Claude te dis que ton log est clean, alors je ne doute pas qu'il l'est.
Et si tel est le cas,
Ok pour spybot, vas dans mode/avancé/ résident et tea timer actives les 2.
Il installera une icone prés de l'horloge et si il y a la moindre activité suspecte , il t'avisera.
NB juste un petit bug , l'affichage de Spybot.
Mais c simple, carré de gauche = accepter et droite refuser.Voilà.
Pareil pour Comodo le fantôme...
Et superantispyware est léger en mode surveillance mais efficace surtout pour conserver ta page Firefox ou INTER PAS NET "
De plus, il n'y a absolument aucun conflict avec ceux-ci.
Juste pour te donner une idée de mes protections que j,ai sur ma machine, et elle n'y sont pas toutes...
Regarde dans mon profil et tu verras.
Malgré toutes mes protections : Entre l'ouverture du bonton de ma machine et l'affichage de Google Firefox, 1: Min 05 Sec .
Et je me promène en terrain très dangeureux...
Donc avec un bon mix de protections éprouvées et testées , aucun ralentissement significatif mais surtout, jamais aucun spyware ou virus !
Et même au-delà, j'ai fais aussi tous les tests de Rootkits et aucune trace.
Yen a qui me pense parano, peut-être...
Mais je n'ai pas encore demandé d'aide.
Jal
Je suis de retour brièvement ,
J'ai fais un petit voyage de dépaysement !
Fait du bien .
Écoutes, si Claude te dis que ton log est clean, alors je ne doute pas qu'il l'est.
Et si tel est le cas,
Ok pour spybot, vas dans mode/avancé/ résident et tea timer actives les 2.
Il installera une icone prés de l'horloge et si il y a la moindre activité suspecte , il t'avisera.
NB juste un petit bug , l'affichage de Spybot.
Mais c simple, carré de gauche = accepter et droite refuser.Voilà.
Pareil pour Comodo le fantôme...
Et superantispyware est léger en mode surveillance mais efficace surtout pour conserver ta page Firefox ou INTER PAS NET "
De plus, il n'y a absolument aucun conflict avec ceux-ci.
Juste pour te donner une idée de mes protections que j,ai sur ma machine, et elle n'y sont pas toutes...
Regarde dans mon profil et tu verras.
Malgré toutes mes protections : Entre l'ouverture du bonton de ma machine et l'affichage de Google Firefox, 1: Min 05 Sec .
Et je me promène en terrain très dangeureux...
Donc avec un bon mix de protections éprouvées et testées , aucun ralentissement significatif mais surtout, jamais aucun spyware ou virus !
Et même au-delà, j'ai fais aussi tous les tests de Rootkits et aucune trace.
Yen a qui me pense parano, peut-être...
Mais je n'ai pas encore demandé d'aide.
Jal
re j'ai trouver l'outil ideal pour ton virus bagle
fais cette manip
~Télécharge Elibagla sur cette page :
http://www.zonavirus.com/buscador-google-404.asp?cx=partner-pub-7877711713240415:ggberw-87et&cof=FORID:10&ie=windows-1252&q=%20des&sa=Buscar [...] ibagla.asp
Tu trouveras le programme à télécharger tout en bas de la page :,
clique sur escargar Elibagla 10.47
Enregistre ce fichier sur le bureau
Va sur ton bureau et double-clic sur Elibagla.exe
La case "eliminar ficheros automaticamente" doit être cochée
Clique sur"explorar" et laisse-le travailler
~Poste le rapport final qui sera dans c:\infosat.txt
fais cette manip
~Télécharge Elibagla sur cette page :
http://www.zonavirus.com/buscador-google-404.asp?cx=partner-pub-7877711713240415:ggberw-87et&cof=FORID:10&ie=windows-1252&q=%20des&sa=Buscar [...] ibagla.asp
Tu trouveras le programme à télécharger tout en bas de la page :,
clique sur escargar Elibagla 10.47
Enregistre ce fichier sur le bureau
Va sur ton bureau et double-clic sur Elibagla.exe
La case "eliminar ficheros automaticamente" doit être cochée
Clique sur"explorar" et laisse-le travailler
~Poste le rapport final qui sera dans c:\infosat.txt
