Pc infecté Help Me
Solved
moinele
Hello everyone,
I just ran an antivirus scan with Kaspersky Online; it found 4 viruses and 21 infected files!
I ran HijackThis but I can't find the report!
Could someone help me disinfect it?
I use my personal PC for work.
Thanks for helping me.
See you later
148 replies
Re, sorry, last intrusion ^^
Can you tell me by PM how to interpret Combo please?
Kisses to you all and thanks Philo, sorry again for barging in so suddenly lol
kiss
ComboFix 07-08-14.4 - "Propriétaire" 2007-08-22 21:43:24.6 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.787 [GMT 2:00]
[i] ADS removed - C:\WINDOWS\system32\ntoskrnl.exe: Le fichier spécifié est introuvable. [/i]
((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))
2007-08-22 20:41 3,290 --a------ C:\WINDOWS\system32\gnc.exe
2007-08-22 19:36 <REP> d-------- C:\Program Files\Navilog1
2007-08-22 19:28 <REP> d-------- C:\Program Files\AxBx
2007-08-21 23:15 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-08-21 01:52 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-08-21 01:52 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-08-21 01:52 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-08-21 01:52 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-08-21 01:52 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-08-21 01:52 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-08-21 01:47 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-08-21 01:44 <REP> d-------- C:\Program Files\IVT Corporation
2007-08-21 01:35 <REP> d-------- C:\Program Files\CommentCaMarche
2007-08-18 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-18 17:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-18 17:02 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2007-08-18 16:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 00:21 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-17 21:19 <REP> d-------- C:\Program Files\FileASSASSIN
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Comodo
2007-08-17 20:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-17 18:16 <REP> d-------- C:\WINDOWS\Internet Logs
2007-08-17 18:11 235,008 --a------ C:\WINDOWS\UNBOC.EXE
2007-08-17 18:11 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-08-17 18:11 <REP> d-------- C:\Program Files\Comodo
2007-08-17 18:08 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-08-17 18:02 <REP> d-------- C:\DOCUME~1\PROPRI~1\.housecall6.6
2007-08-14 17:50 60,084 --a------ C:\WINDOWS\system32\drivers\srosa.sys
2007-08-08 20:15 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia Multimedia Player
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2007-08-07 16:14 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2007-08-07 15:48 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ROUTE 66 Sync
2007-08-07 15:39 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeAUM
2007-08-07 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-08-03 18:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-03 17:24 <REP> d-------- C:\Program Files\PC Connectivity Solution
2007-08-03 17:24 <REP> d-------- C:\Program Files\DIFX
2007-08-03 17:24 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\PC Suite
2007-08-03 17:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-07-30 17:21 <REP> d-------- C:\Program Files\Curious Labs
2007-07-30 16:54 <REP> d-------- C:\Program Files\Dark Basic Software
2007-07-29 16:52 2,322,176 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-07-27 23:16 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Joost
2007-07-27 19:59 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-07-27 19:59 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-27 19:59 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-07-27 19:59 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-27 19:59 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-07-27 19:59 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-27 02:16 <REP> d-------- C:\Program Files\Live_TV
2007-07-25 15:55 <REP> d-------- C:\Program Files\ItsLabel
2007-07-25 15:50 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
2007-07-24 19:56 <REP> d-------- C:\DJGateFirst
2007-07-24 19:55 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
2007-07-22 19:39 3,107 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2007-07-22 19:35 <REP> d-------- C:\Program Files\foobar2000
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-22 19:48 --------- d-------- C:\Program Files\a-squared Free
2007-08-22 04:20 --------- d-------- C:\Program Files\eMule
2007-08-18 17:45 --------- d-------- C:\Program Files\Sony
2007-08-18 17:43 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-18 17:29 --------- d-------- C:\Program Files\Zylom Games
2007-08-18 17:25 --------- d-------- C:\Program Files\Opera
2007-08-18 17:21 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-18 17:20 --------- d-a------ C:\Program Files\Easy Internet signup
2007-08-18 17:19 --------- d-------- C:\Program Files\BeClean
2007-08-17 18:55 --------- d-------- C:\Program Files\SuperCopier2
2007-08-17 18:54 --------- d-------- C:\Program Files\MSN Messenger
2007-08-17 18:54 --------- d-------- C:\Program Files\Google
2007-08-14 20:32 --------- d-------- C:\Program Files\Online TV Player
2007-08-10 18:30 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
2007-08-07 20:04 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
2007-08-07 16:14 --------- d-------- C:\Program Files\Nokia
2007-08-07 15:34 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Ulead Systems
2007-08-07 15:26 --------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2007-08-07 15:23 --------- d-------- C:\Program Files\Ulead Systems
2007-08-07 15:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 18:58 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Nokia
2007-07-30 19:19 92504 --a--c--- C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a--c--- C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a--c--- C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a--c--- C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a--c--- C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 19:52 --------- d-------- C:\Program Files\eoRezo
2007-07-29 19:52 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
2007-07-29 17:06 --------- d-------- C:\Program Files\WebEye
2007-07-29 17:06 --------- d-------- C:\Program Files\TuneUp Utilities 2006
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-07-29 17:06 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\OTVREG
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 21:20 --------- d-------- C:\Program Files\Oak Systems
2007-07-07 16:17 --------- d-------- C:\Program Files\CCleaner
2007-07-06 04:13 --------- d-------- C:\Program Files\Audacity
2007-07-06 04:11 --------- d-------- C:\Program Files\PiloteContactV2
2007-07-06 04:11 --------- d-------- C:\Program Files\Fichiers communs\SONY Digital Images
2007-07-06 04:10 --------- d-------- C:\Program Files\PeerTV
2007-07-06 04:09 --------- d-a------ C:\Program Files\Microsoft AutoRoute
2007-07-06 04:09 --------- d-a------ C:\Program Files\InterVideo
2007-07-06 04:09 --------- d-------- C:\Program Files\Web TV
2007-07-06 04:09 --------- d-------- C:\Program Files\mp3cd
2007-07-06 03:16 --------- d-------- C:\Program Files\DivX
2007-07-06 03:01 --------- d-------- C:\Program Files\muvee Technologies
2007-07-06 03:01 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-03 02:32 --------- d-------- C:\Program Files\Magellan
2007-06-30 02:21 --------- d-------- C:\Program Files\Activision
2007-06-29 15:22 --------- d-------- C:\Program Files\Red Kawa
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2005-12-28 04:21:21 56 --sha-r C:\WINDOWS\system32\4D8204BC78.sys.vir
2006-02-20 21:56:52 8 --sha-r C:\WINDOWS\system32\928FA019FB.sys.vir
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 08:23]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ForceActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\Comodo\Firewall\CPF.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO36]
C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"c:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
"C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp]
C:\WINDOWS\switpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
"C:\Program Files\Winsos\WINSOS.EXE" MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
S2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
S2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2006-02-12 04:18:51 C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-02-12 04:18:44 C:\WINDOWS\Tasks\Connexion facile à Internet.job
2007-08-17 15:24:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 21:51:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-22 21:52:42
C:\ComboFix-quarantined-files.txt ... 2007-08-22 21:52
C:\ComboFix2.txt ... 2007-08-18 20:15
C:\ComboFix3.txt ... 2007-08-18 19:27
--- E O F ---
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 21:20 --------- d-------- C:\Program Files\Oak Systems
2007-07-07 16:17 --------- d-------- C:\Program Files\CCleaner
2007-07-06 04:13 --------- d-------- C:\Program Files\Audacity
2007-07-06 04:11 --------- d-------- C:\Program Files\PiloteContactV2
2007-07-06 04:11 --------- d-------- C:\Program Files\Fichiers communs\SONY Digital Images
2007-07-06 04:10 --------- d-------- C:\Program Files\PeerTV
2007-07-06 04:09 --------- d-a------ C:\Program Files\Microsoft AutoRoute
2007-07-06 04:09 --------- d-a------ C:\Program Files\InterVideo
2007-07-06 04:09 --------- d-------- C:\Program Files\Web TV
2007-07-06 04:09 --------- d-------- C:\Program Files\mp3cd
2007-07-06 03:16 --------- d-------- C:\Program Files\DivX
2007-07-06 03:01 --------- d-------- C:\Program Files\muvee Technologies
2007-07-06 03:01 --------- d-------- C:\Program Files\Fichiers communs\muvee Technologies
2007-07-03 02:32 --------- d-------- C:\Program Files\Magellan
2007-06-30 02:21 --------- d-------- C:\Program Files\Activision
2007-06-29 15:22 --------- d-------- C:\Program Files\Red Kawa
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2005-12-28 04:21:21 56 --sha-r C:\WINDOWS\system32\4D8204BC78.sys.vir
2006-02-20 21:56:52 8 --sha-r C:\WINDOWS\system32\928FA019FB.sys.vir
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 17:10 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 08:23]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ForceActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"C:\Program Files\Comodo\Firewall\CPF.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSaveNow_Installer]
C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO36]
C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"c:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter TVTV EPG Daemon]
"C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\switp]
C:\WINDOWS\switpb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
"C:\Program Files\Winsos\WINSOS.EXE" MINI
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
R0 a347scsi;a347scsi;C:\WINDOWS\system32\Drivers\a347scsi.sys
S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
S1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
S2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
S2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
S2 SBKUPNT;SBKUPNT;\??\C:\WINDOWS\System32\Drivers\SBKUPNT.SYS
S2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
S3 driverhardwarev2;driverhardwarev2;\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys
S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
Contents of the 'Scheduled Tasks' folder
2006-02-12 04:18:51 C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-02-12 04:18:44 C:\WINDOWS\Tasks\Connexion facile à Internet.job
2007-08-17 15:24:34 C:\WINDOWS\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 21:51:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-08-22 21:52:42
C:\ComboFix-quarantined-files.txt ... 2007-08-22 21:52
C:\ComboFix2.txt ... 2007-08-18 20:15
C:\ComboFix3.txt ... 2007-08-18 19:27
--- E O F ---
well, well... a spy!
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
we're going to put the - sign in front of it
copy/paste the text below, save it (with notepad.exe) as, without the quotes obviously!
"enlever_ALCXMNTR.reg"
-------------------------------------------
REGEDIT4
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
---------------------
double-click it
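The entry spotted above sits in the msconfig\startupreg part of the ComboFix log, where items disabled through msconfig still point at an executable. As an added example that is not part of this thread or of ComboFix, here is a Python triage script for that section; the watch list (seeded with ALCXMNTR.EXE from this thread), the random-name heuristic and the sample log are constructed for the example.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example for
this thread, not code from ComboFix or from any post). Disabled msconfig\\startupreg
items still name an executable, which is how ALCXMNTR.EXE was spotted; WATCH_LIST
and SAMPLE_LOG are constructed here."""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")     # ((( Reg Loading Points )))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SERVICE_RE = re.compile(r"^[RS]\d\s")                # R0/S1/S3 driver lines
EXE_RE = re.compile(r"([\w~$-]+\.(?:exe|dll|scr|cpl|com))", re.I)
# Constructed: ALCXMNTR.EXE is the file the helper in this thread calls spyware.
WATCH_LIST = {"alcxmntr.exe"}

@dataclass
class StartupEntry:
    key: str        # registry key the entry lives under
    name: str       # value name, or last key component for startupreg items
    command: str    # command line exactly as ComboFix printed it
    disabled: bool  # msconfig\startupreg and Run- items no longer run at logon

    @property
    def executable(self) -> str:
        m = EXE_RE.search(self.command)  # first executable-looking token
        return m.group(1).lower() if m else ""

def _key_kind(key: str) -> str | None:
    k = key.lower()
    if "\\msconfig\\startupreg\\" in k:
        return "startupreg"
    if k.rsplit("\\", 1)[-1] in ("run", "run-", "runonce"):
        return "run"
    return None  # policies, startupfolder (.lnk only) and the like are skipped

def parse_loading_points(log: str) -> list[StartupEntry]:
    entries: list[StartupEntry] = []
    in_section, key, kind = False, "", None
    for raw in log.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1) == "Reg Loading Points"
            continue
        if not (line and in_section):
            continue
        if SERVICE_RE.match(line) or line.startswith(("HKEY_", "Contents of", "*****")):
            in_section = False  # services, NetSvcs, tasks and catchme follow the keys
            continue
        m = KEY_RE.match(line)
        if m:
            key, kind = m.group(1), _key_kind(m.group(1))
        elif kind == "startupreg":
            entries.append(StartupEntry(key, key.rsplit("\\", 1)[-1], line, True))
            kind = None  # exactly one command line per startupreg key
        elif kind == "run" and (v := RUN_VALUE_RE.match(line)):
            entries.append(StartupEntry(key, v[1], v[2], key.endswith("-")))
    return entries

def looks_random(stem: str) -> bool:
    """Crude heuristic: a long, letters-only name with very few vowels."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.25

def triage(entries: list[StartupEntry]) -> list[tuple[StartupEntry, str]]:
    """Return (entry, reason) pairs that deserve a manual look."""
    findings = []
    for e in entries:
        exe = e.executable
        if exe in WATCH_LIST:
            findings.append((e, "on watch list"))
        elif exe and looks_random(exe.rsplit(".", 1)[0]):
            findings.append((e, "machine-generated-looking name, verify the file"))
    return findings

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-18 18:03]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gegfxxqiqj]
c:\windows\system32\gegfxxqiqj.exe gegfxxqiqj
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
R0 a347bus;a347bus;C:\WINDOWS\system32\DRIVERS\a347bus.sys
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_loading_points(SAMPLE_LOG)):
        state = "disabled" if entry.disabled else "active"
        print(f"{entry.executable:<18}{state:<10}{reason}  <- {entry.key}")
```

A flag from the heuristic only means "look at the file", so check the path, size and signature before deleting anything.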
do this:
-----------------
Click Start / Control Panel / Tools / Folder Options / View
Check "Show hidden files and folders"
Uncheck "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click "OK" to apply the changes.
---------------------------------------------------------------------
then,
search your PC for this --->
ALCXMNTR.EXE
delete it.
if you have trouble deleting it:
check that the process is not running
https://leblogdeclaude.blogspot.com/2007/07/terminer-un-processus.html
then, if there is still a problem, try in safe mode.
https://leblogdeclaude.blogspot.com/2007/04/informatique-rebooter-xp-en-mode-sans.html
if that doesn't work, as a last resort---->
https://leblogdeclaude.blogspot.com/2007/03/informatique-supprimer-un-programme.html
Wed Aug 22 03:49:11 2007
EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Wed Aug 22 03:49:23 2007
EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Aug 23 19:44:58 2007
EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Thu Aug 23 19:45:04 2007
EliBagle v10.47 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kbxwlipw
*******************
Script file located at: xfostyaq
Could not open script file! Error
Could not open script file! Status: 0xc000003b Abort!
23/08/2007 a 20:05:31,43
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
something is wrong in your procedure.
Could not open script file! Status: 0xc000003b Abort!
do the procedure in safe mode, and check that your remove.txt is correct (click on Properties)
I did it in safe mode
I used the remove.txt that is on your blog
do I have to redo the procedure from the beginning?
Conclusion: it was hiding in a restore point!... and not in the System. Hmm! good lesson!
Only an antivirus can detect an infected restore point.
F-Secure / BitDefender / Panda.
Run an online scan here:
http://support.f-secure.fr/fra/home/ols.shtml
post the report.
Scanning Report
Sunday, August 26, 2007 22:12:38 - 00:01:07
Computer name: PC-DE-MOINELE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
------------------------------------------------------------------------
Result: 8 malware found
Tracking Cookie
<http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=Tracking
Cookie&orig='disk'> (spyware)
* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
------------------------------------------------------------------------
Statistics
Scanned:
* Files: 91075
* System: 6549
* Not scanned: 11
Actions:
* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 7
* Submitted: 0
Files not scanned:
* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{B443B0FA-711F-4403-9B2F-295E44E83F5B}.BIN
------------------------------------------------------------------------
Options
Scanning engines:
* F-Secure Libra: 2.4.2, 2007-08-24
* F-Secure AVP: 7.0.171, 2007-08-26
* F-Secure Orion: 1.2.37, 2007-08-26
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Pegasus: 1.19.0, 2007-07-20
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT
VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM
ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK
WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML
PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF
NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics
------------------------------------------------------------------------