Pub spyware secure
Résolu
linus94
Messages postés
15
Statut
Membre
-
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,
j'ai de la pub spyware secure et des simulations de scan
il me propose egalement de faire un telechargement
je pense qu'il a ete installe avec internet games
pourriez vous m'aider à virer ça s'il vous plait?
j'ai de la pub spyware secure et des simulations de scan
il me propose egalement de faire un telechargement
je pense qu'il a ete installe avec internet games
pourriez vous m'aider à virer ça s'il vous plait?
A voir également:
- Pub spyware secure
- Supprimer pub youtube - Accueil - Streaming
- Stop pub gratuit - Télécharger - Divers Utilitaires
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Freewifi secure sans sim ✓ - Forum Réseau
- Fichier .pub ✓ - Forum Logiciels
28 réponses
Re,
il prend beaucoup de temps à s'executer le logiciel?
j'ai coché tous les boutons, j'ai cliqué sur restaurer mais je ne vois rien venir
quand je vais dans le gestionnaire de tache ,je vois pas de reponse
j'ai relancé une fois,c'est pareil
faut peut etre attendre
il prend beaucoup de temps à s'executer le logiciel?
j'ai coché tous les boutons, j'ai cliqué sur restaurer mais je ne vois rien venir
quand je vais dans le gestionnaire de tache ,je vois pas de reponse
j'ai relancé une fois,c'est pareil
faut peut etre attendre
non SmitfraudFix ne marche pas
une fois que je selectionne le 1, il passe à un autre ecran
plein de ligne d'accés refusé et la fenetre se ferme seule
même quand je lance hijackthis, j'ai des messages d'erreur
Logfile of HijackThis v1.99.1
Scan saved at 19:34:30, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Client\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8172DB-A5B1-4291-8E8D-686DAB68DB06}: NameServer = 213.36.80.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F8172DB-A5B1-4291-8E8D-686DAB68DB06}: NameServer = 213.36.80.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{8F8172DB-A5B1-4291-8E8D-686DAB68DB06}: NameServer = 213.36.80.1,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
une fois que je selectionne le 1, il passe à un autre ecran
plein de ligne d'accés refusé et la fenetre se ferme seule
même quand je lance hijackthis, j'ai des messages d'erreur
Logfile of HijackThis v1.99.1
Scan saved at 19:34:30, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Client\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F8172DB-A5B1-4291-8E8D-686DAB68DB06}: NameServer = 213.36.80.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F8172DB-A5B1-4291-8E8D-686DAB68DB06}: NameServer = 213.36.80.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{8F8172DB-A5B1-4291-8E8D-686DAB68DB06}: NameServer = 213.36.80.1,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Re,
télécharge combofix (par sUBs)ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
2 double-clique sur combofix.exe et suis les instructions
3 à la fin, il va produire un rapport C:\ComboFix.txt
4 copie/colle ce rapport dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
télécharge combofix (par sUBs)ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
2 double-clique sur combofix.exe et suis les instructions
3 à la fin, il va produire un rapport C:\ComboFix.txt
4 copie/colle ce rapport dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
voici le rapport Combofix (j'ai executé le logiciel en tant qu'admin)
ComboFix 07-12-09.1 - gaga 11/12/2007 11:52:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.54 [GMT 1:00]
Running from: C:\Documents and Settings\Client\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Client\Application Data\ShoppingReport
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Invité\Bureau\internetgamebox.lnk
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn.dat
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn.exe
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn_nav.dat
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn_navps.dat
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.
2007-12-10 16:06 . 05/09/2007 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-10 16:06 . 05/06/2003 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-10 16:06 . 03/10/2007 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-10 13:44 . 10/12/2007 13:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-10 13:28 . 10/12/2007 13:28 <REP> d---s---- C:\Documents and Settings\Client\UserData
2007-12-09 13:18 . 09/12/2007 13:18 <REP> d-------- C:\Documents and Settings\Client\Application Data\Zango
2007-12-09 11:21 . 05/08/2004 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-08 18:33 . 10/12/2007 18:19 <REP> d-------- C:\Documents and Settings\Client\Contacts
2007-12-08 18:05 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Client\Voisinage réseau
2007-12-08 18:05 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Client\Voisinage d'impression
2007-12-08 18:05 . 05/11/2007 14:23 <REP> d--h----- C:\Documents and Settings\Client\Modèles
2007-12-08 18:05 . 08/12/2007 18:34 <REP> dr------- C:\Documents and Settings\Client\Mes documents
2007-12-08 18:05 . 05/11/2007 15:16 <REP> dr------- C:\Documents and Settings\Client\Menu Démarrer
2007-12-08 18:05 . 10/12/2007 13:40 <REP> dr------- C:\Documents and Settings\Client\Favoris
2007-12-08 18:05 . 11/12/2007 11:51 <REP> d-------- C:\Documents and Settings\Client\Bureau
2007-12-08 18:05 . 08/12/2007 18:05 <REP> d-------- C:\Documents and Settings\Client\Application Data\Grisoft
2007-12-08 17:45 . 08/12/2007 17:45 863,687 --a------ C:\upload_moi_gaga-58D91C2AF.tar.gz
2007-12-08 17:40 . 08/12/2007 17:40 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Grisoft
2007-12-08 16:16 . 08/12/2007 16:16 <REP> d-------- C:\Documents and Settings\gaga\Application Data\Grisoft
2007-12-08 16:15 . 08/12/2007 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 16:15 . 30/05/2007 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-08 15:49 . 08/12/2007 16:12 <REP> d-------- C:\Program Files\CCleaner
2007-12-08 15:31 . 08/12/2007 15:31 <REP> d-------- C:\Program Files\Trend Micro
2007-12-08 13:01 . 10/12/2007 16:08 2,350 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-08 12:59 . 27/04/2006 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-08 12:59 . 31/07/2004 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-08 12:23 . 10/12/2007 12:29 <REP> d-------- C:\Program Files\Navilog1
2007-12-07 19:00 . 08/12/2007 18:04 <REP> d-------- C:\Documents and Settings\Invité\Application Data\OpenOffice.org2
2007-12-06 15:50 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-06 15:50 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-06 15:50 . 05/11/2007 14:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-06 15:50 . 08/12/2007 10:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-06 15:50 . 05/11/2007 15:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-06 15:50 . 05/11/2007 15:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-06 15:50 . 08/12/2007 10:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-05 17:53 . 05/12/2007 17:54 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-05 17:53 . 08/12/2007 16:06 <REP> d-------- C:\Program Files\Java
2007-12-05 17:53 . 05/12/2007 17:53 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-05 17:53 . 24/09/2007 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-05 15:59 . 05/12/2007 15:59 268 --ah----- C:\sqmdata01.sqm
2007-12-05 15:59 . 05/12/2007 15:59 244 --ah----- C:\sqmnoopt01.sqm
2007-12-05 15:40 . 05/12/2007 15:40 <REP> d-------- C:\WINDOWS\report
2007-12-05 15:40 . 05/12/2007 15:40 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-05 15:40 . 05/12/2007 15:40 39,854,973 --a------ C:\WINDOWS\VPTNFILE.863
2007-12-05 15:40 . 05/12/2007 15:40 39,854,973 --a------ C:\WINDOWS\LPT$VPN.863
2007-12-05 15:40 . 05/12/2007 15:40 1,902,547 --a------ C:\WINDOWS\tsc.ptn
2007-12-05 15:40 . 05/12/2007 15:40 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-05 15:40 . 05/12/2007 15:40 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-05 15:40 . 05/12/2007 15:40 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-05 15:40 . 05/12/2007 15:40 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-05 15:40 . 05/12/2007 15:56 823 --a------ C:\WINDOWS\tsc.ini
2007-12-05 15:37 . 05/12/2007 15:40 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-05 15:37 . 05/12/2007 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-05 15:37 . 05/12/2007 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-05 15:37 . 05/12/2007 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-05 15:37 . 05/12/2007 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-05 15:37 . 05/12/2007 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-05 15:12 . 18/01/2007 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-04 19:16 . 04/12/2007 19:16 268 --ah----- C:\sqmdata00.sqm
2007-12-04 19:16 . 04/12/2007 19:16 244 --ah----- C:\sqmnoopt00.sqm
2007-11-27 13:22 . 27/11/2007 13:22 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Yahoo!
2007-11-24 11:02 . 24/11/2007 11:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-23 18:09 . 05/12/2007 16:41 <REP> d-------- C:\Documents and Settings\gaga\Contacts
2007-11-23 18:08 . 23/11/2007 18:08 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-23 18:08 . 23/11/2007 18:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-23 12:56 . 30/07/2007 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-23 12:56 . 30/07/2007 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-23 12:56 . 30/07/2007 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-22 19:12 . 22/11/2007 19:12 <REP> d-------- C:\Program Files\Windows Live
2007-11-22 19:12 . 22/11/2007 19:12 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-22 19:12 . 22/11/2007 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-22 19:04 . 24/11/2007 11:05 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-22 19:04 . 28/06/2005 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-22 18:24 . 05/12/2007 17:33 <REP> d-------- C:\logiciels
2007-11-20 18:36 . 20/11/2007 18:36 <REP> d-------- C:\Documents and Settings\Invité\Application Data\MSNInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 15:12 --------- d-----w C:\Program Files\Alwil Software
2007-11-05 14:34 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-05 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 14:33 --------- d-----w C:\Program Files\Logitech
2007-11-05 14:33 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-05 14:19 --------- d-----w C:\Program Files\EPSON
2007-11-05 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2007-11-05 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-05 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-05 14:09 --------- d-----w C:\Program Files\Yahoo!
2007-11-05 14:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-05 13:58 --------- d-----w C:\Documents and Settings\gaga\Application Data\MSNInstaller
2007-11-05 13:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-05 13:25 --------- d-----w C:\Program Files\Services en ligne
2007-11-05 13:24 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-01 14:41 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-01 14:41 --------- d-----w C:\Program Files\Fichiers communs\ODBC
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [14/12/2004 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [14/12/2004 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [14/12/2004 18:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 12:06]
"SoundMan"="SOUNDMAN.EXE" [22/09/2005 17:42 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [08/03/2005 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [11/03/2005 18:33 C:\WINDOWS\system32\VTTrayp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/08/2004 13:00]
C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
\Shell\Open\command - Boot.exe e
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 11:54:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/12/2007 11:54:39
.
--- E O F ---
voici le rapport Combofix (j'ai executé le logiciel en tant qu'admin)
ComboFix 07-12-09.1 - gaga 11/12/2007 11:52:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.54 [GMT 1:00]
Running from: C:\Documents and Settings\Client\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Client\Application Data\ShoppingReport
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Client\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Invité\Bureau\internetgamebox.lnk
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn.dat
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn.exe
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn_nav.dat
C:\Documents and Settings\Invité\Local Settings\Application Data\dpubwfn_navps.dat
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.
2007-12-10 16:06 . 05/09/2007 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-10 16:06 . 05/06/2003 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-10 16:06 . 03/10/2007 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-10 13:44 . 10/12/2007 13:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-10 13:28 . 10/12/2007 13:28 <REP> d---s---- C:\Documents and Settings\Client\UserData
2007-12-09 13:18 . 09/12/2007 13:18 <REP> d-------- C:\Documents and Settings\Client\Application Data\Zango
2007-12-09 11:21 . 05/08/2004 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-08 18:33 . 10/12/2007 18:19 <REP> d-------- C:\Documents and Settings\Client\Contacts
2007-12-08 18:05 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Client\Voisinage réseau
2007-12-08 18:05 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Client\Voisinage d'impression
2007-12-08 18:05 . 05/11/2007 14:23 <REP> d--h----- C:\Documents and Settings\Client\Modèles
2007-12-08 18:05 . 08/12/2007 18:34 <REP> dr------- C:\Documents and Settings\Client\Mes documents
2007-12-08 18:05 . 05/11/2007 15:16 <REP> dr------- C:\Documents and Settings\Client\Menu Démarrer
2007-12-08 18:05 . 10/12/2007 13:40 <REP> dr------- C:\Documents and Settings\Client\Favoris
2007-12-08 18:05 . 11/12/2007 11:51 <REP> d-------- C:\Documents and Settings\Client\Bureau
2007-12-08 18:05 . 08/12/2007 18:05 <REP> d-------- C:\Documents and Settings\Client\Application Data\Grisoft
2007-12-08 17:45 . 08/12/2007 17:45 863,687 --a------ C:\upload_moi_gaga-58D91C2AF.tar.gz
2007-12-08 17:40 . 08/12/2007 17:40 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Grisoft
2007-12-08 16:16 . 08/12/2007 16:16 <REP> d-------- C:\Documents and Settings\gaga\Application Data\Grisoft
2007-12-08 16:15 . 08/12/2007 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-08 16:15 . 30/05/2007 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-08 15:49 . 08/12/2007 16:12 <REP> d-------- C:\Program Files\CCleaner
2007-12-08 15:31 . 08/12/2007 15:31 <REP> d-------- C:\Program Files\Trend Micro
2007-12-08 13:01 . 10/12/2007 16:08 2,350 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-08 12:59 . 27/04/2006 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-08 12:59 . 31/07/2004 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-08 12:23 . 10/12/2007 12:29 <REP> d-------- C:\Program Files\Navilog1
2007-12-07 19:00 . 08/12/2007 18:04 <REP> d-------- C:\Documents and Settings\Invité\Application Data\OpenOffice.org2
2007-12-06 15:50 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-06 15:50 . 05/11/2007 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-06 15:50 . 05/11/2007 14:23 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-06 15:50 . 08/12/2007 10:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-06 15:50 . 05/11/2007 15:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-06 15:50 . 05/11/2007 15:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-06 15:50 . 08/12/2007 10:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-05 17:53 . 05/12/2007 17:54 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-05 17:53 . 08/12/2007 16:06 <REP> d-------- C:\Program Files\Java
2007-12-05 17:53 . 05/12/2007 17:53 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-05 17:53 . 24/09/2007 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-05 15:59 . 05/12/2007 15:59 268 --ah----- C:\sqmdata01.sqm
2007-12-05 15:59 . 05/12/2007 15:59 244 --ah----- C:\sqmnoopt01.sqm
2007-12-05 15:40 . 05/12/2007 15:40 <REP> d-------- C:\WINDOWS\report
2007-12-05 15:40 . 05/12/2007 15:40 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-05 15:40 . 05/12/2007 15:40 39,854,973 --a------ C:\WINDOWS\VPTNFILE.863
2007-12-05 15:40 . 05/12/2007 15:40 39,854,973 --a------ C:\WINDOWS\LPT$VPN.863
2007-12-05 15:40 . 05/12/2007 15:40 1,902,547 --a------ C:\WINDOWS\tsc.ptn
2007-12-05 15:40 . 05/12/2007 15:40 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-05 15:40 . 05/12/2007 15:40 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-05 15:40 . 05/12/2007 15:40 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-05 15:40 . 05/12/2007 15:40 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-05 15:40 . 05/12/2007 15:56 823 --a------ C:\WINDOWS\tsc.ini
2007-12-05 15:37 . 05/12/2007 15:40 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-05 15:37 . 05/12/2007 15:37 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-05 15:37 . 05/12/2007 15:37 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-05 15:37 . 05/12/2007 15:37 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-05 15:37 . 05/12/2007 15:37 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-05 15:37 . 05/12/2007 15:37 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-05 15:12 . 18/01/2007 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-12-04 19:16 . 04/12/2007 19:16 268 --ah----- C:\sqmdata00.sqm
2007-12-04 19:16 . 04/12/2007 19:16 244 --ah----- C:\sqmnoopt00.sqm
2007-11-27 13:22 . 27/11/2007 13:22 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Yahoo!
2007-11-24 11:02 . 24/11/2007 11:02 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-23 18:09 . 05/12/2007 16:41 <REP> d-------- C:\Documents and Settings\gaga\Contacts
2007-11-23 18:08 . 23/11/2007 18:08 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-23 18:08 . 23/11/2007 18:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-23 12:56 . 30/07/2007 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-23 12:56 . 30/07/2007 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-23 12:56 . 30/07/2007 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-22 19:12 . 22/11/2007 19:12 <REP> d-------- C:\Program Files\Windows Live
2007-11-22 19:12 . 22/11/2007 19:12 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-22 19:12 . 22/11/2007 19:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-22 19:04 . 24/11/2007 11:05 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-11-22 19:04 . 28/06/2005 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-11-22 18:24 . 05/12/2007 17:33 <REP> d-------- C:\logiciels
2007-11-20 18:36 . 20/11/2007 18:36 <REP> d-------- C:\Documents and Settings\Invité\Application Data\MSNInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 15:12 --------- d-----w C:\Program Files\Alwil Software
2007-11-05 14:34 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-11-05 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 14:33 --------- d-----w C:\Program Files\Logitech
2007-11-05 14:33 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-05 14:19 --------- d-----w C:\Program Files\EPSON
2007-11-05 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2007-11-05 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-05 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-05 14:09 --------- d-----w C:\Program Files\Yahoo!
2007-11-05 14:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-05 13:58 --------- d-----w C:\Documents and Settings\gaga\Application Data\MSNInstaller
2007-11-05 13:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-05 13:25 --------- d-----w C:\Program Files\Services en ligne
2007-11-05 13:24 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-01 14:41 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-11-01 14:41 --------- d-----w C:\Program Files\Fichiers communs\ODBC
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 17:43]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [14/12/2004 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [14/12/2004 18:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [14/12/2004 18:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 12:06]
"SoundMan"="SOUNDMAN.EXE" [22/09/2005 17:42 C:\WINDOWS\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [08/03/2005 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [11/03/2005 18:33 C:\WINDOWS\system32\VTTrayp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"!AVG Anti-Spyware"="C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [05/08/2004 13:00]
C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
\Shell\Open\command - Boot.exe e
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 11:54:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 11/12/2007 11:54:39
.
--- E O F ---
