Infected computer, what do I do??!

véro2008
Hello,

Apparently my computer is infected with spyware; I've tried to remove it but I can't manage it. If anyone can help, please don't hesitate. Here is the HijackThis report, and thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:15, on 29/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Windows\System32\wupeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ferdaws\AppData\Local\nggefxxqqi.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Winupdate Engine] C:\Windows\system32\wupeng.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [nggefxxqqi] c:\users\ferdaws\appdata\local\nggefxxqqi.exe nggefxxqqi
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Widget_MTV.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789MXTN
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
67 replies

véro2008
 
And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:59, on 02/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Winupdate Engine] C:\Windows\system32\wupeng.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Widget_MTV.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9C2F74-AA9A-45FA-82E0-0FE518926AE7}: NameServer = 193.95.93.77 193.95.122.40
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
véro2008
 
What do you make of this?
0
Regis59 (Security contributor, 21143 posts)
 
Re,

I hope you're not fed up yet, there's still a bit left to do.

Download http://cluster1.easy-hebergement.net/ by Bibi26.
[*]Unzip the archive to your Desktop.
[*]Open the BTFix folder.
[*]Double-click BTFix.exe.
[*]Click Search.
[*]A report will appear; copy/paste it into your next reply.
0
véro2008
 
Hi,
To be honest, I'm starting to get fed up with all these viruses!
Here's the report, and please tell me it's over and there aren't any more (°°)

BTFix 1.068 (par bibi26) - 03/01/2008 20:35:16 - Analyse
Lancé depuis C:\Users\Ferdaws\Desktop\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
- C:\Users\Ferdaws\AppData\Roaming\WeatherDPA
- C:\ProgramData\Application Data\GamesBar
- C:\ProgramData\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar

---> Analyse terminée
0

Regis59 (Security contributor, 21143 posts)
 
Yes, still more, sorry.

[*]Open BTFix.
[*]Click Clean.
[*]A report will appear; copy/paste it into your next reply.
0
véro2008
 
BTFix 1.068 (par bibi26) - 04/01/2008 18:26:40 - Nettoyage - Mode sans échec
Lancé depuis C:\Users\Ferdaws\Desktop\BTFix\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés

- Fichiers temporaires effacés
- C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
- C:\Users\Ferdaws\AppData\Roaming\WeatherDPA
- C:\ProgramData\Application Data\GamesBar (erreur lors de la suppression)
- C:\ProgramData\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (erreur lors de la suppression)
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar

---> Nettoyage terminé
0
véro2008
 
What do you THINK, Regis59???
0
Regis59 (Security contributor, 21143 posts)
 
Re,

Two deletion errors; can you run the delete option in Safe Mode?

Later
0
véro2008
 
OK!
0
véro2008
 
It's the same report! I retried several times but there is still an error when deleting those last two.

BTFix 1.068 (par bibi26) - 05/01/2008 19:47:41 - Nettoyage - Mode sans échec
Lancé depuis C:\Users\Ferdaws\Desktop\BTFix\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés

- Fichiers temporaires effacés
- C:\ProgramData\Application Data\GamesBar (erreur lors de la suppression)
- C:\ProgramData\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (erreur lors de la suppression)

---> Nettoyage terminé
0
Regis59 (Security contributor, 21143 posts)
 
Hi Véro,

Slept well?

¤Run HijackThis again, tick the boxes in front of these lines and then click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Winupdate Engine] C:\Windows\system32\wupeng.exe

Close HijackThis.

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Windows\system32\wupeng.ex

Folder::
C:\ProgramData\Application Data\GamesBar
C:\ProgramData\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65


Save this file under the name CFScript

[*]Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
[*]A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
[*]Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is complete.
[*]Once the scan is finished, a report will be displayed: post its contents, saying where your problems stand

[*]If the file doesn't open, it is located here > C:\ComboFix.txt

Later
0
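The triage behind the two lines Regis59 asks to fix above (a BHO with no file behind it, an unknown Run entry), as an added example that is not part of the thread or of HijackThis itself: a Python script that parses HijackThis log lines and flags the entry types a helper checks first. The sample lines are copied from the logs posted in this thread; the vowel-ratio heuristic for random-looking names and the trusted-domain list for O16 downloads are my own assumptions.

```python
"""Triage helper for HijackThis v2 log lines (added example, not the thread's tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "O4 - HKLM\..\Run: [...] ..." -> section "O4", body = rest of the line.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A Windows path ending in .exe/.dll/.scr inside an entry body (quotes optional).
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|scr))"?', re.IGNORECASE)
# Hosts from which an O16 ActiveX download is treated as expected (my assumption).
TRUSTED_DPF_DOMAINS = ("microsoft.com", "windowsupdate.com")

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [nggefxxqqi] c:\users\ferdaws\appdata\local\nggefxxqqi.exe nggefxxqqi
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9C2F74-AA9A-45FA-82E0-0FE518926AE7}: NameServer = 193.95.93.77 193.95.122.40
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. "O4"
    reason: str    # why a helper would look at this line
    line: str      # the original log line


def parse(line: str) -> Optional[Tuple[str, str]]:
    """Split a HijackThis entry into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def looks_random(filename: str) -> bool:
    """Heuristic (assumption): 8+ letters with under 25% vowels, like 'nggefxxqqi'."""
    stem = filename.rsplit(".", 1)[0].lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiouy" for ch in stem)
    return vowels / len(stem) < 0.25


def _trusted_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def check_line(line: str) -> List[Finding]:
    """Return the findings for one log line (empty list if nothing stands out)."""
    parsed = parse(line)
    if parsed is None:
        return []
    sec, body = parsed
    lower = body.lower()
    out: List[Finding] = []
    # Registered component whose file is gone: leftover of a removed or half-removed program.
    if "(file missing)" in lower or "(no file)" in lower:
        out.append(Finding(sec, "orphaned entry: the registered file no longer exists", line))
    # Autorun of a random-named executable dropped in the user profile.
    if sec == "O4":
        for path in PATH_RE.findall(body):
            if "\\appdata\\" in path.lower() and looks_random(path.rsplit("\\", 1)[-1]):
                out.append(Finding(sec, "autorun of random-named executable in user profile", line))
    # IE policy restrictions are normally absent on a home machine.
    if sec == "O6":
        out.append(Finding(sec, "Internet Explorer policy restrictions present", line))
    # ActiveX control fetched from a host that is not on the trusted list.
    if sec == "O16":
        m = re.search(r"https?://([^/\s]+)", body)
        host = m.group(1).lower() if m else ""
        if not _trusted_host(host):
            out.append(Finding(sec, f"ActiveX control downloaded from {host or 'unknown host'}", line))
    # DNS servers written into the registry: confirm they belong to the ISP.
    if sec == "O17" and "nameserver" in lower:
        out.append(Finding(sec, "DNS servers set in registry; confirm they are the ISP's", line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every line of a HijackThis log, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        findings.extend(check_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```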
véro2008
 
Hi Regis,
Here is the report:

ComboFix 08-01-04.1 - Ferdaws 2008-01-06 17:29:20.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.274 [GMT 1:00]
Running from: C:\Users\Ferdaws\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ferdaws\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Windows\system32\wupeng.ex
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 16:22 . 2008-01-05 16:23 <REP> d-------- C:\Windows\System32\Harry Potter Screen Saver dir
2008-01-05 16:22 . 2008-01-05 16:22 3,729,363 --a------ C:\Users\Ferdaws\potter_ss_win.zip
2008-01-05 16:22 . 2008-01-05 16:22 201,728 --a------ C:\Windows\System32\Harry Potter Screen Saver.scr
2008-01-02 21:17 . 2008-01-02 21:17 <REP> d-------- C:\Backup Set 2007-12-28 000219
2008-01-02 21:12 . 2008-01-02 21:12 <REP> d-------- C:\Backup Files 2007-12-29 190015
2008-01-02 21:10 . 2007-12-28 00:15 205,585,177 --a------ C:\Backup files 3.zip
2008-01-02 21:10 . 2007-12-28 00:13 204,830,500 --a------ C:\Backup files 2.zip
2008-01-02 21:10 . 2007-12-28 00:18 203,938,105 --a------ C:\Backup files 4.zip
2008-01-02 21:09 . 2007-12-28 00:10 173,616,060 --a------ C:\Backup files 1.zip
2008-01-01 21:08 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-01 19:05 . 2008-01-01 19:05 3,252 --a------ C:\Windows\System32\tmp.reg
2008-01-01 19:04 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-01 19:04 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-01 19:04 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-01 19:04 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-01 19:04 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-01 19:04 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-01 18:17 . 2008-01-01 18:17 <REP> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-30 18:07 . 2007-12-30 18:07 63 --a------ C:\STRCDC.ini
2007-12-30 18:06 . 2008-01-05 16:45 54,156 --ah----- C:\Windows\QTFont.qfn
2007-12-30 18:06 . 2007-12-30 18:06 1,409 --a------ C:\Windows\QTFont.for
2007-12-30 15:39 . 2008-01-02 20:59 <REP> d-------- C:\Program Files\Navilog1
2007-12-30 14:01 . 2007-12-30 14:04 <REP> d-------- C:\Users\All Users\AntiVir PersonalEdition Classic
2007-12-30 14:01 . 2007-12-30 14:04 <REP> d-------- C:\ProgramData\AntiVir PersonalEdition Classic
2007-12-30 02:19 . 2007-12-30 02:19 <REP> d-------- C:\Users\Ferdaws\AppData\Roaming\Grisoft
2007-12-30 02:19 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2007-12-30 00:43 . 2007-12-30 00:43 <REP> d-------- C:\VundoFix Backups
2007-12-29 19:58 . 2007-12-29 19:58 <REP> d-------- C:\Windows\BDOSCAN8
2007-12-27 16:22 . 2007-12-27 16:24 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-27 16:13 . 2007-12-29 19:32 <REP> d-------- C:\Users\Ferdaws\AppData\Roaming\Application Data
2007-12-27 16:13 . 2007-12-29 19:33 <REP> d-------- C:\Program Files\Spyware Terminator
2007-12-27 16:01 . 2007-12-27 16:01 <REP> d-------- C:\Program Files\Trend Micro
2007-12-27 14:48 . 2007-12-27 14:48 86,938 --a------ C:\Windows\System32\instdump.dmp
2007-12-27 14:48 . 2007-12-27 14:48 14,802 --a------ C:\Windows\System32\instdump.zip
2007-12-25 15:05 . 2007-12-25 15:05 <REP> d-------- C:\Users\Nesrine\AppData\Roaming\Grisoft
2007-12-24 13:38 . 2007-12-24 13:38 <REP> d-------- C:\Users\All Users\Oberon Games
2007-12-24 13:38 . 2007-12-24 13:38 <REP> d-------- C:\ProgramData\Oberon Games
2007-12-24 01:35 . 2007-12-27 18:42 <REP> d-------- C:\Users\All Users\GamesBar
2007-12-24 01:35 . 2007-12-27 18:42 <REP> d-------- C:\ProgramData\GamesBar
2007-12-24 01:34 . 2007-12-27 18:47 <REP> d-------- C:\Program Files\Gamenext
2007-12-23 21:55 . 2007-12-23 21:55 <REP> d-------- C:\Users\All Users\Grisoft
2007-12-23 21:55 . 2007-12-23 21:55 <REP> d-------- C:\ProgramData\Grisoft
2007-12-23 18:47 . 2007-12-23 18:51 <REP> d-------- C:\Users\All Users\Christmasville
2007-12-23 18:47 . 2007-12-23 18:51 <REP> d-------- C:\ProgramData\Christmasville
2007-12-23 13:17 . 2007-12-23 13:17 <REP> d-------- C:\Users\Ferdaws\AppData\Roaming\reparateurdesysteme
2007-12-23 13:12 . 2007-12-23 13:12 <REP> d-------- C:\Program Files\Common Files\ReparateurDeSysteme
2007-12-23 12:04 . 2007-12-23 12:04 <REP> d-------- C:\Users\Ferdaws\AppData\Roaming\PlayFirst
2007-12-23 12:03 . 2007-12-23 12:03 <REP> d-------- C:\Users\All Users\BOONTY
2007-12-23 12:03 . 2007-12-23 12:03 <REP> d-------- C:\ProgramData\BOONTY
2007-12-23 12:03 . 2007-12-23 12:03 <REP> d-------- C:\Program Files\Common Files\BOONTY Shared
2007-12-20 14:44 . 2007-12-20 14:44 <REP> d-------- C:\Program Files\Macrogaming
2007-12-19 11:06 . 2007-12-19 11:25 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-19 11:06 . 2007-12-19 11:06 45 ---h----- C:\Windows\dhp17510.dat
2007-12-17 11:38 . 2007-12-17 11:38 <REP> d-------- C:\Users\Ferdaws\AppData\Roaming\Anthropics
2007-12-17 11:38 . 2007-12-27 16:38 <REP> d-a------ C:\Users\All Users\TEMP
2007-12-17 11:38 . 2007-12-27 16:38 <REP> d-a------ C:\ProgramData\TEMP
2007-12-17 11:38 . 2007-12-17 11:38 <REP> d-------- C:\Program Files\Portrait Professional 6
2007-12-17 11:23 . 2007-12-29 21:46 <REP> d-------- C:\Program Files\FuturixImager
2007-12-17 11:05 . 2007-12-17 11:05 150,604 --ah----- C:\Windows\System32\mlfcache.dat
2007-12-17 11:02 . 2007-12-17 11:03 69 --a------ C:\Windows\NeroDigital.ini
2007-12-17 11:00 . 2007-12-17 11:13 <REP> d-------- C:\Program Files\Picasa2
2007-12-16 15:41 . 2007-12-16 15:46 <REP> d-------- C:\Users\Ferdaws\wow
2007-12-15 19:32 . 2007-12-15 19:32 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2007-12-15 17:04 . 2007-12-15 17:04 <REP> d-------- C:\Users\All Users\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-12-15 17:04 . 2007-12-15 17:04 <REP> d-------- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-12-15 10:52 . 2007-12-15 10:52 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-15 10:52 . 2007-12-15 10:52 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-15 10:52 . 2007-12-15 10:52 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-15 10:52 . 2007-12-15 10:52 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-15 10:49 . 2007-12-15 10:49 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-15 10:49 . 2007-12-15 10:49 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-15 10:49 . 2007-12-15 10:49 2,048 --a------ C:\Windows\System32\tzres.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 16:29 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-01-06 16:29 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-01-06 16:01 --------- d-----w C:\Users\Ferdaws\AppData\Roaming\Skype
2008-01-01 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 20:34 --------- d-----w C:\Program Files\TablEdit
2007-12-30 00:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 00:45 --------- d-----w C:\ProgramData\Symantec
2007-12-15 09:53 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-15 09:51 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-15 09:51 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-15 09:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-15 09:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-15 09:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-15 09:51 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-15 09:51 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-09 22:01 --------- d-----w C:\ProgramData\Apple Computer
2007-12-05 13:18 --------- d-----w C:\Program Files\QuickTime
2007-11-29 20:10 174 --sha-w C:\Program Files\desktop.ini
2007-11-29 20:06 --------- d-----w C:\Program Files\Windows Calendar
2007-11-29 18:30 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-29 18:30 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-29 18:30 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-29 18:30 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-29 18:30 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-29 18:30 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-29 18:30 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-29 18:30 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-29 18:30 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-29 18:30 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-29 18:30 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-29 18:30 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-29 18:30 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-11-29 18:30 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-11-29 18:29 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-29 18:29 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-29 18:29 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-29 18:29 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-11-29 18:29 134,656 ----a-w C:\Windows\System32\dps.dll
2007-11-29 18:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-29 18:23 88,576 ----a-w C:\Windows\System32\avifil32.dll
2007-11-29 18:23 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2007-11-29 18:23 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2007-11-29 18:23 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2007-11-29 18:23 69,632 ----a-w C:\Windows\System32\sendmail.dll
2007-11-29 18:23 65,024 ----a-w C:\Windows\System32\avicap32.dll
2007-11-29 18:23 61,440 ----a-w C:\Windows\System32\ntprint.exe
2007-11-29 18:23 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2007-11-29 18:23 269,824 ----a-w C:\Windows\System32\schannel.dll
2007-11-29 18:23 220,160 ----a-w C:\Windows\System32\ntprint.dll
2007-11-29 18:23 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2007-11-29 18:23 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2007-11-29 18:23 12,800 ----a-w C:\Windows\System32\msrle32.dll
2007-11-29 18:23 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2007-11-29 18:23 1,984,512 ----a-w C:\Windows\System32\authui.dll
2007-11-29 18:22 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-28 19:23 --------- d-----w C:\Program Files\Windows Live
2007-11-28 19:15 --------- d-----w C:\ProgramData\WLInstaller
2007-11-27 18:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-27 18:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-27 18:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-27 18:05 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-27 18:05 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-27 18:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-27 18:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-27 18:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-27 18:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-27 18:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-27 18:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-27 18:04 --------- d-----w C:\Program Files\Windows Mail
2007-11-25 10:50 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-11-25 10:50 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-11-25 10:50 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-11-25 10:50 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-11-25 10:50 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-11-25 10:50 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-11-25 10:50 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-11-25 10:50 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-11-25 10:50 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-11-22 18:33 --------- d-----w C:\ProgramData\NVIDIA
2007-11-19 20:13 --------- d-----w C:\Program Files\Google
2007-11-17 21:53 --------- d-s---w C:\Users\Invité\AppData\Roaming\Microsoft
2007-11-16 12:59 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-16 12:59 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-16 12:59 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-16 12:59 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-16 12:59 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-16 12:59 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-11-16 12:59 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-16 12:59 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 22:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-11 09:41 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-11-11 09:41 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-11-11 09:41 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-11-11 09:41 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-11-02 13:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-11-02 13:53 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2007-11-02 13:53 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2007-11-02 13:53 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2007-11-02 13:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-11-02 13:53 1,686,528 ----a-w C:\Windows\System32\gameux.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.14.07,00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-01 17:26:55 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-06 15:39:52 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-01-01 19:42:03 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-06 16:20:40 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-01 17:29:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-06 15:44:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-01-06 15:44:06 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-01-01 18:05:20 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-01-06 16:21:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-01-01 20:13:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-06 16:32:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-01-06 16:32:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-01-01 17:29:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-06 15:43:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-01 17:29:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-06 15:43:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-01 17:29:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-06 15:43:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-01 20:10:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-06 16:29:12 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-01-06 16:29:12 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2008-01-05 15:22:48 34,304 ----a-w C:\Windows\System32\Harry Potter Screen Saver dir\saver1.dll
+ 2008-01-05 15:22:48 18,192 ----a-w C:\Windows\System32\Harry Potter Screen Saver dir\saver2.dll
- 2008-01-01 17:31:08 8,542 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-738578626-2557111253-924463432-1001_UserData.bin
+ 2008-01-06 15:45:16 8,746 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-738578626-2557111253-924463432-1001_UserData.bin
- 2007-12-25 14:06:37 4,458 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-738578626-2557111253-924463432-1003_UserData.bin
+ 2008-01-05 10:44:00 5,096 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-738578626-2557111253-924463432-1003_UserData.bin
- 2008-01-01 17:31:06 59,944 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-06 15:45:14 61,044 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-01 17:30:58 46,786 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-06 15:45:06 47,110 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 16:15 221184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-13 23:41 20034600]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 17:15 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 12:34 155648]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 11:39 151552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-13 14:44 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-13 14:44 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-13 14:44 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 15:46 4349952 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 00:17 421888]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 09:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 08:13]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-12-23 12:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecd58d7-ab15-11dc-9a2b-001a92eb5a07}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Sys.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 16:29:59 C:\Windows\Tasks\User_Feed_Synchronization-{6D042733-A78D-4BE4-8675-5C42500A042A}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-01-05 18:52:21 C:\Windows\Tasks\User_Feed_Synchronization-{ADE5D517-1142-4618-A4FC-5C1359677E9D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 17:32:10
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 17:33:09
ComboFix-quarantined-files.txt 2008-01-06 16:33:04
ComboFix2.txt 2008-01-01 20:14:44
.
2007-12-29 17:58:42 --- E O F ---
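In the thread the ComboFix report above is read by eye. As an added example (not part of the thread and not ComboFix's own logic), the Python script below walks the "Reg Loading Points" block and flags the three things an analyst checks first in that section: the `EnableLUA` = 0 policy (UAC switched off, which is why Regis59 asks about it further down), autostart and service entries whose trailing bracket is empty (ComboFix recorded no file date/size, in practice meaning the referenced file was not found at that path), and a MountPoints2 AutoRun handler that launches an executable from a non-system drive (`J:\Sys.exe`, the pattern autorun worms leave behind on removable media). The sample input is an excerpt copied from the posted log; the heuristics, the `Finding` type and the regular expressions are this example's own assumptions.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log.

Added example: not part of the thread and not ComboFix's own logic. The
heuristics below are this example's assumptions about what deserves a second
look in such a log; SAMPLE_LOG is an excerpt copied from the report posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the posted ComboFix output (constructed sample input for this example).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 17:15 1006264]
"CCUTRAYICON"="FactoryMode" []
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [ ]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-12-23 12:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ecd58d7-ab15-11dc-9a2b-001a92eb5a07}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Sys.exe
'''


@dataclass(frozen=True)
class Finding:
    kind: str     # uac_disabled | missing_file | autorun_hijack
    subject: str  # registry value name, service name or autorun target
    detail: str


KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="target" [date time size]; an empty bracket means no file date/size was recorded.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]*?)"?\s*\[([^\]]*)\]\s*$')
# R2/S3 ServiceName;Display Name;image path [date time]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
POLICY_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.+?)\s*$", re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1).lower()
            continue
        if m := SERVICE_RE.match(line):
            state, name, _display, image, meta = m.groups()
            if not meta.strip():
                findings.append(Finding("missing_file", name,
                    f"service {name} ({state}) references {image} but no file date/size was recorded"))
            continue
        if m := AUTORUN_RE.match(line):
            if "mountpoints2" in current_key:
                target = m.group(1).split()[-1]            # program handed to ShellExec_RunDLL
                volume = current_key.rsplit("\\", 1)[-1]  # {GUID} of the volume this handler is bound to
                if not target.upper().startswith("C:"):
                    findings.append(Finding("autorun_hijack", target,
                        f"AutoRun handler for volume {volume} runs {target} from drive {target[:2]}"))
            continue
        if m := POLICY_RE.match(line):
            if "policies\\system" in current_key and m.group(1) == "EnableLUA" and int(m.group(2)) == 0:
                findings.append(Finding("uac_disabled", "EnableLUA",
                    "UAC is off: processes started by an administrator get the full token with no prompt"))
            continue
        if m := VALUE_RE.match(line):
            name, target, meta = m.groups()
            if current_key.endswith("\\run") and not meta.strip():
                findings.append(Finding("missing_file", name,
                    f"Run entry {name} launches {target!r} but no file date/size was recorded"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the excerpt it reports five findings: the disabled UAC policy, the `J:\Sys.exe` autorun handler, and three entries with no file recorded (`CCUTRAYICON`, `SpywareTerminator`, `MyWebSearchService`); entries with a date and size, such as Windows Defender or the Boonty service, are left alone, since their presence on disk is not by itself suspicious.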
Regis59
 
Re,

- Download http://cluster1.easy-hebergement.net/
- Unzip the archive to your Desktop.
- Open the BTFix folder.
- Double-click BTFix.exe.
- Click Rechercher (Search).
- A report will appear; copy/paste it into your next reply.
véro2008
 
BTFix 1.068 (by bibi26) - 06/01/2008 22:50:15 - Scan
Launched from C:\Users\Ferdaws\Desktop\BTFix\BTFix\BTFix.exe

---> Files/Folders found

- C:\ProgramData\Application Data\GamesBar
- C:\ProgramData\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

---> Scan complete
Regis59
 
Good evening Véro,

Can you tell me where things stand with your problems?

Later
véro2008
 
Good evening,
Well, I don't know!
The report says there was an error during the removal. Why?? I really have no idea!
Regis59
 
OK

Is UAC still disabled?

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Users\All Users\GamesBar
C:\ProgramData\GamesBar
C:\ProgramData\Application Data\GamesBar


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Later
véro2008
 
C:\Users\All Users\GamesBar moved successfully.
File/Folder C:\ProgramData\GamesBar not found.
File/Folder C:\ProgramData\Application Data\GamesBar not found.

Created on 01/10/2008 19:30:07
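The OTMoveIt result above (one folder moved, the other two "not found") is what you get when a removal list names the same folder three ways. On Windows Vista, `C:\Users\All Users` is a link to `C:\ProgramData`, and `C:\ProgramData\Application Data` is a junction back to `C:\ProgramData`; the ComboFix listing earlier in this post shows the same aliasing, with identical timestamps for `C:\Users\All Users\BOONTY` and `C:\ProgramData\BOONTY`. Once `C:\Users\All Users\GamesBar` was moved, the other two paths pointed at a folder that no longer existed. As an added example (not part of the thread, of OTMoveIt or of ComboFix), the script below resolves those compatibility junctions from a fixed table, without touching the file system, and shows the three entries collapsing to one; the junction table and the `MOVE_LIST` sample are this example's own, the latter copied from the list posted above.

```python
r"""Collapse Windows Vista compatibility junctions in a removal list.

Added example: not part of the thread, of OTMoveIt or of ComboFix. It models
the junctions Vista creates for backward compatibility (C:\Users\All Users and
C:\ProgramData\Application Data both resolve to C:\ProgramData) as a fixed
table; it does not query the live file system.
"""
from __future__ import annotations

# Constructed sample: the three folders Regis59 asked to have moved.
MOVE_LIST = [
    r"C:\Users\All Users\GamesBar",
    r"C:\ProgramData\GamesBar ",
    r"C:\ProgramData\Application Data\GamesBar",
]

# (prefix to match, case-insensitively; "*" binds one component, the user name) -> replacement prefix
JUNCTIONS = [
    (("c:", "users", "all users"), ("C:", "ProgramData")),
    (("c:", "documents and settings"), ("C:", "Users")),
    (("c:", "programdata", "application data"), ("C:", "ProgramData")),
    (("c:", "users", "*", "application data"), ("C:", "Users", "*", "AppData", "Roaming")),
    (("c:", "users", "*", "local settings"), ("C:", "Users", "*", "AppData", "Local")),
]


def _rewrite_prefix(parts: list[str], pattern: tuple[str, ...],
                    replacement: tuple[str, ...]) -> list[str] | None:
    """Return parts with the matched prefix swapped, or None when the prefix does not match."""
    if len(parts) < len(pattern):
        return None
    bound = None
    for part, want in zip(parts, pattern):
        if want == "*":
            bound = part
        elif part.lower() != want:
            return None
    head = [bound if r == "*" else r for r in replacement]
    return head + parts[len(pattern):]


def canonical_path(path: str) -> str:
    """Follow the junction table to a fixed point (two hops for All Users -> Application Data -> ProgramData)."""
    parts = path.strip().rstrip("\\").split("\\")
    changed = True
    while changed:
        changed = False
        for pattern, replacement in JUNCTIONS:
            rewritten = _rewrite_prefix(parts, pattern, replacement)
            if rewritten is not None and rewritten != parts:
                parts, changed = rewritten, True
                break
    return "\\".join(parts)


def dedupe_move_list(paths: list[str]) -> dict[str, list[str]]:
    """Group entries that resolve to the same real folder; keys are canonical paths, first seen wins."""
    groups: dict[str, tuple[str, list[str]]] = {}
    for p in paths:
        if not p.strip():
            continue
        canon = canonical_path(p)
        groups.setdefault(canon.lower(), (canon, []))[1].append(p.strip())
    return {canon: originals for canon, originals in groups.values()}


if __name__ == "__main__":
    for canon, originals in dedupe_move_list(MOVE_LIST).items():
        print(f"{canon}  <-  {len(originals)} entries: {originals}")
```

With the posted list the output is a single group, `C:\ProgramData\GamesBar`, fed by all three entries; the same normalisation maps the old `C:\Documents and Settings\<user>\Application Data\...` style to `C:\Users\<user>\AppData\Roaming\...`, so a fix list written for XP does not produce the same "not found" noise on Vista.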
Regis59
 
OK, where do things stand with your problems?

Later
véro2008
 
Do I still have spyware???