"windows\system32\rundll 32.exe " has disappeared
Solved
alias59
mlr972
Hello,
my PC tells me that "windows\system32\rundll 32.exe " has disappeared
what should I do??
I must have deleted it while erasing lines the antivirus asked me to delete, I must have done something stupid
help please
thanks
106 replies
Re
You used it earlier, a red circle with a white cross on your Desktop ;)
Otherwise, download it to your Desktop from here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To be continued
first report
[code]
Ran on 05/01/2008 - 1:19:25,14
[/code]
I'm disconnecting, I'll be back as soon as ComboFix has produced its report
see you later
hello, here I am again with the famous report
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 1:25:39.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.108 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 01:36 2,576,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 01:36 108,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 01:34 37,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 01:34 13,316 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-29 15:42 . 2007-12-29 15:42 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-29 15:42 . 2007-12-29 15:43 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-29 15:42 . 2007-12-29 15:43 77,360 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-29 15:42 . 2007-12-29 15:43 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 13:34 . 2007-12-28 13:34 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-27 11:22 . 2008-01-03 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
[code]
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-28 13:34 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
C:\WINDOWS\system32\byxxvst.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
C:\WINDOWS\system32\spads.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"f856e254"="C:\WINDOWS\system32\adrqbamp.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\byxxvst.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvst]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 23:40:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Re
Do the following "in one go", without going back on the net before you have finished the whole procedure, please.
I advise you to save the page by selecting all the lines and then copying that selection into a text file on your PC, so you can follow the procedure correctly.
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for explanations before starting the disinfection.
1) RenV.exe from sUBs
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
[code]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\Program Files\QuickTime\QTTask .exe
[/code]
* Go to the top of the page and click the "File" menu; a list appears =>
* Choose "Save As" and choose "Desktop"
* In the "File name" field at the bottom of the page, give the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto the RenV.exe file
Once the scan is finished, a report will be displayed; you will post its contents at the end of the procedure.
2) ComboFix with CFScript:
* Select the following text (in bold) in its entirety:
[code]
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxvst]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f856e254"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"=-
File::
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
Folder::
C:\Program Files\Dcads Games Collection
C:\Documents and Settings\All Users\Application Data\Trymedia
[/code]
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
Disconnect from the net and disable your antivirus so that ComboFix can run normally
* Drag and drop this CFScript file onto the ComboFix.exe file (on your desktop)
* A blue window will appear: at the message Type 1 to continue, or 2 to abort, type 1 and confirm.
* Wait for the scan to finish. The Desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is finished, a report will be displayed; save it to your Desktop
(If the file doesn't open, it is located here > C:\ComboFix.txt)
3) Reports
Post these two reports in reply, along with a new HijackThis report.
To be continued
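The triage the helper did by hand above (reading the "Point de chargement Reg" section of the ComboFix report, picking out the loading points to delete and the two renamed binaries to feed to RenV), as an added Python example that is not code from this thread, from ComboFix or from sUBs' tools. The sample log is a constructed subset of the report posted above, and the four heuristics (no file info in the brackets, a space before the extension, a hex-only value name, a BHO DLL sitting directly in system32) are my own assumptions, not ComboFix's rules.

```python
"""Triage the 'Point de chargement Reg' section of a ComboFix report.

Added example, not code from this thread, ComboFix or sUBs' tools. The
heuristics are assumptions chosen to reproduce what the helper picked out.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the report posted above, same line shapes.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-28 13:34 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}]
C:\WINDOWS\system32\byxxvst.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"f856e254"="C:\WINDOWS\system32\adrqbamp.dll" [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917}"= C:\WINDOWS\system32\byxxvst.dll [ ]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "name"="path" [file info]   -- the bracket is empty when ComboFix found no file
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*"?(?P<path>.*?)"?\s*\[(?P<meta>[^\]]*)\]$')
# BHO/CLSID keys list their DLL on the next line, with or without file info
FILE_RE = re.compile(r"^(?:(?P<meta>\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+) )?(?P<path>[A-Za-z]:\\.+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")
SPACE_BEFORE_EXT = re.compile(r" \.[A-Za-z0-9]{1,4}$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Finding:
    key: str
    name: str   # value name; "" when the entry is a CLSID key's DLL line
    path: str
    reason: str


def reasons_for(key, name, path, meta):
    """Heuristics (assumptions) applied to one loading point."""
    reasons = []
    if path and not meta.strip():
        reasons.append("no file info: target missing or hidden from ComboFix")
    if SPACE_BEFORE_EXT.search(path):
        reasons.append("space before extension: renamed binary, RenV candidate")
    if HEX_NAME.match(name):
        reasons.append("random hex value name loading a DLL")
    if "browser helper objects" in key.lower() and path.lower().startswith(SYSTEM32):
        reasons.append("BHO DLL dropped directly in system32")
    return reasons


def triage(log):
    """Walk the section, remembering the current key, and collect findings."""
    findings, key = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            name, path, meta = m.group("name"), m.group("path"), m.group("meta")
        else:
            m = FILE_RE.match(line)
            if not m:
                continue
            name, path, meta = "", m.group("path"), m.group("meta") or ""
        for reason in reasons_for(key, name, path, meta):
            findings.append(Finding(key, name, path, reason))
    return findings


def renv_list(findings):
    """Paths to put in Log.txt for RenV: binaries whose name gained a space."""
    paths = []
    for f in findings:
        if f.reason.startswith("space before extension") and f.path not in paths:
            paths.append(f.path)
    return paths


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.key}\n    {f.name or '(CLSID dll)'}: {f.path}\n    -> {f.reason}")
    print("\nLog.txt for RenV:")
    print("\n".join(renv_list(found)))
```

It reproduces the helper's Log.txt for RenV exactly, but the Registry:: section still needs a human: the same "no file info" marker sits on the legitimate QuickTime Task and msnmsgr entries, which the helper left alone.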
first report, RenV.exe
[code]
Ran on 2008-01-05 - 2:13:19.48
[/code]
second report, ComboFix
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 2:18:53.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.124 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{21A5A37B-DEFC-1958-9AD2-106BE9C392BF}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{5D6C9B1F-C300-4742-396F-A2A471DE7A2C}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{6C592F62-B01C-0F9C-28CE-72E5FC9A7862}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{967BC3E1-E3E7-B100-C7BB-F3114790063F}
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Dcads Games Collection\BobAndBill.exe
C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
C:\Program Files\Dcads Games Collection\Lines.exe
C:\Program Files\Dcads Games Collection\uninstall.exe
C:\Program Files\Dcads Games Collection\VideoPool.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
.
---- Previous Run -------
.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 02:23 2,609,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 02:23 110,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 01:34 37,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 01:34 13,316 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-27 11:22 . 2008-01-03 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"f856e254"="C:\WINDOWS\system32\adrqbamp.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 02:23:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 2:25:18
ComboFix-quarantined-files.txt 2008-01-05 01:25:10
.
2008-01-04 15:52:34 --- E O F ---
and finally the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:47, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [f856e254] rundll32.exe "C:\WINDOWS\system32\adrqbamp.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
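As an added example (not from this thread, and not part of HijackThis or ComboFix), here is a small Python triage script that applies, over O4 and O23 lines modelled on the log above, the checks a helper applies by eye: a random-looking hex Run-value name, a rundll32 autorun loading a DLL, an executable name with a space before its extension (the "avp .exe" / "QTTask .exe" pattern in this log), and a service entry pointing at a missing file. The sample lines are constructed from the log above and the heuristics are my own assumptions, not HijackThis rules.

```python
import re

# Constructed sample lines, modelled on the HijackThis log posted above
# (not the full log). Two entries are benign controls: VTTimer and ctfmon.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [f856e254] rundll32.exe "C:\WINDOWS\system32\adrqbamp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
"""

# O4 registry autoruns: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 services: "O23 - Service: display name (short name) - vendor - path"
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.*?) - (?P<vendor>.*?) - (?P<path>.*)$')

# Heuristics (assumptions made for this example, not HijackThis rules).
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')                  # e.g. "f856e254"
SPACED_EXT_RE = re.compile(r'\S \.(exe|dll|sys)\b', re.I)   # e.g. "avp .exe"
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S*)', re.I)


def triage_line(line):
    """Return (severity, reason) findings for one HijackThis line; [] if nothing is odd."""
    findings = []
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group('name'), m.group('cmd')
        if HEX_NAME_RE.match(name):
            findings.append(('high', f'Run value name "{name}" is random-looking hex'))
        r = RUNDLL_RE.search(cmd)
        if r:
            findings.append(('review', f'rundll32 autorun loads {r.group("dll")} '
                                       f'(export "{r.group("entry")}"); verify the DLL publisher'))
        if SPACED_EXT_RE.search(cmd):
            findings.append(('high', 'executable name has a space before its extension '
                                     '(lookalike of a legitimate binary)'))
        return findings
    m = O23_RE.match(line)
    if m:
        svc, vendor, path = m.group('svc'), m.group('vendor'), m.group('path')
        if path.endswith('(file missing)'):
            findings.append(('medium', f'service "{svc}" points at a missing file'))
        if vendor == 'Unknown owner':
            findings.append(('low', f'service "{svc}" has no verified publisher'))
        if SPACED_EXT_RE.search(path):
            findings.append(('high', 'service binary name has a space before its extension '
                                     '(lookalike of a legitimate binary)'))
    return findings


def triage(lines):
    """Run triage_line over a whole log and return a flat list of finding dicts."""
    out = []
    for raw in lines:
        line = raw.strip()
        for severity, reason in triage_line(line):
            out.append({'severity': severity, 'reason': reason, 'line': line})
    return out


def flagged_lines(lines):
    """Distinct log lines that produced at least one finding."""
    return sorted({f['line'] for f in triage(lines)})


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run against the sample, the two benign controls produce no findings while the five suspicious entries are each flagged with the reason a helper would give.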
[code]
Ran on 2008-01-05 - 2:13:19.48
deuxieme rapport combofix
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 2:18:53.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.124 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{21A5A37B-DEFC-1958-9AD2-106BE9C392BF}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{5D6C9B1F-C300-4742-396F-A2A471DE7A2C}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{6C592F62-B01C-0F9C-28CE-72E5FC9A7862}
C:\Documents and Settings\All Users\Application Data\Trymedia\data\{967BC3E1-E3E7-B100-C7BB-F3114790063F}
C:\Program Files\Dcads Games Collection
C:\Program Files\Dcads Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Dcads Games Collection\BobAndBill.exe
C:\Program Files\Dcads Games Collection\CrazyBlocks.exe
C:\Program Files\Dcads Games Collection\Lines.exe
C:\Program Files\Dcads Games Collection\uninstall.exe
C:\Program Files\Dcads Games Collection\VideoPool.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
.
---- Previous Run -------
.
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 01:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 02:23 2,609,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 02:23 110,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 01:34 37,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 01:34 13,316 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-27 11:22 . 2008-01-03 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]<pre>
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"f856e254"="C:\WINDOWS\system32\adrqbamp.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 00:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 02:23:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 2:25:18
ComboFix-quarantined-files.txt 2008-01-05 01:25:10
.
2008-01-04 15:52:34 --- E O F ---
finally the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:26:47, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [f856e254] rundll32.exe "C:\WINDOWS\system32\adrqbamp.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re
Well done, I'm checking your report, but it's still "hanging on", there's work left ;) I'll send you another procedure shortly.
See you soon
Re
I advise you to save this page by selecting all the lines and copying the selection into a text file on your PC, so you can follow the procedure correctly.
All steps must be carried out without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.
Disconnect from the internet and disable your antivirus for the duration of the procedure.
1) RenV.exe by sUBs
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\Program Files\QuickTime\QTTask .exe
* Go to the top of the page and click on the "File" menu; a list appears =>
* Choose "Save As" and choose "Desktop"
* In the "File name" field at the bottom of the page, give the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto the RenV.exe file.
Once the scan is complete, a report will be displayed; you will post its contents at the end of the procedure.
2) ComboFix with CFScript:
* Select the following text (in bold) in its entirety:
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f856e254"=-
"QuickTime Task"=-
File::
C:\WINDOWS\system32\adrqbamp.dll
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
Folder::
"C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping"
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file (on your desktop)
* A blue window will appear: at the message Type 1 to continue, or 2 to abort, type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed; save it to your desktop
(If the file does not open, it is located here > C:\ComboFix.txt)
3) Reports
Post these two reports in reply, along with a new HijackThis report.
To be continued
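The two items the procedure above targets are visible in the HijackThis O4 lines posted earlier: a Run value with a random-looking hex name ("f856e254") that uses rundll32.exe to load a DLL from system32 through a one-letter export, and two binaries whose file names carry a space before ".exe" ("avp .exe", "QTTask .exe"), lookalikes of the real Kaspersky and QuickTime executables, which is why they go to RenV rather than to the CFScript. The script below is an added example, not the helper's tool and not part of the thread: it parses O4 lines (copied from the log above as constructed sample input) and flags those three indicators. The heuristics (8-hex-character value name, rundll32 with a terse export on a system32 DLL, whitespace before the extension) are assumptions for this illustration; a real triage would add vendor-path and signature checks.

```python
import re

# Constructed sample: the O4 (Run-key) lines from the HijackThis log posted in this thread
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [f856e254] rundll32.exe "C:\WINDOWS\system32\adrqbamp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# rundll32[.exe] "<dll>",<export>   (quotes optional)
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.IGNORECASE
)
# Heuristic (assumption): auto-generated value names are 8 hex characters
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.IGNORECASE)
# Heuristic (assumption): whitespace right before the extension marks a lookalike file name
SPACE_BEFORE_EXT_RE = re.compile(r'\s\.(exe|dll|scr)$', re.IGNORECASE)


def parse_o4(line):
    """Split one HijackThis O4 line into hive, key, value name and command; None if not O4."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def first_path(cmd):
    """Return the program path at the start of the command line (quoted or bare)."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def triage_entry(entry):
    """Return the list of reasons an O4 entry deserves a closer look (empty if none)."""
    reasons = []
    name, cmd = entry['name'], entry['cmd']
    if HEX_NAME_RE.match(name):
        reasons.append('random-looking hex value name')
    m = RUNDLL_RE.match(cmd)
    if m:
        dll, export = m.group('dll'), m.group('export')
        if '\\system32\\' in dll.lower() and len(export) <= 2:
            reasons.append('rundll32 loads a system32 DLL via a terse export (%r)' % export)
    if SPACE_BEFORE_EXT_RE.search(first_path(cmd)):
        reasons.append('space before the extension: lookalike of the real binary, RenV candidate')
    return reasons


def triage(text):
    """Scan a block of log text and return [(value name, [reasons]), ...] for flagged entries."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append((entry['name'], reasons))
    return findings


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_O4_LINES):
        print('[%s]' % name)
        for r in reasons:
            print('   -', r)
```

Run on the sample, it flags exactly "QuickTime Task" and "AVP" (lookalike file names) and "f856e254" (hex name plus rundll32 loader), and leaves VTTimer, CTFMON.EXE and msnmsgr alone; that matches the split the helper made between the RenV list and the CFScript.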
here are the reports
number 1
[code]
Ran on 05/01/2008 - 2:55:37,59
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 2,204,424 Blocks: 4,306
[/code]
number 2
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 3:00:03.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
C:\WINDOWS\system32\adrqbamp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\view exit.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Program Files\RegistrySmart
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\RegistrySmart
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage r‚seau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\ModŠles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu D‚marrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 03:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 03:06 2,632,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 03:07 112,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 03:04 38,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 03:04 13,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 01:44:19 87,040 ----a-r C:\WINDOWS\Installer\{9A893DC3-F04C-474F-866C-B2F44C9743EC}\Icon.exe
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 02:07:08 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 01:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
number 3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:11, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
number 1
[code]
Ran on 05/01/2008 - 2:55:37,59
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 2,204,424 Blocks: 4,306
[/code]
number 2
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 3:00:03.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
C:\WINDOWS\system32\adrqbamp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\view exit.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Program Files\RegistrySmart
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\RegistrySmart
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 03:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 03:06 2,632,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 03:07 112,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 03:04 38,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 03:04 13,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 01:44:19 87,040 ----a-r C:\WINDOWS\Installer\{9A893DC3-F04C-474F-866C-B2F44C9743EC}\Icon.exe
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 02:07:08 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 01:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
number 3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:11, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re
We'll try another way:
I advise you to save this page by selecting all the lines and copying that selection into a text file on your PC, so you can follow the procedure correctly.
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for explanations before starting the disinfection.
1) Download ComboFix Beta
To your Desktop: http://subs.geekstogo.com/Beta/ComboFix.exe
Don't touch it for now. (Don't confuse it with the previous version.)
*** Disconnect from the internet and disable your antivirus ***
2) sUBs' RenV.exe
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
C:\Program Files\QuickTime\QTTask .exe
* Go to the top of the window and click the "File" menu; a list appears =>
* Choose "Save As" and choose "Desktop"
* In the "File name" field at the bottom, give it the following name: Log.txt
* Click the "Save" button to the right of the "File name" field
* Close this newly created txt file.
Then drag and drop this Log.txt file onto the RenV.exe file.
Once the scan is finished, a report will be displayed: post its contents.
3) sUBs' ComboFix Beta
Double-click Combofix.exe (on your Desktop; don't confuse it with the previous version)
Set it to French: F
Press the 1 key (Yes) to start the scan
When the scan is finished, a report will appear
4) Reports
Post these two new reports in reply, along with a new HijackThis report.
To be continued
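What step 2 targets by hand, as an added example that is not part of this thread and not RenV's or ComboFix's own code: a small Python checker that scans HijackThis/ComboFix lines for executables with a space before the extension (here `avp .exe` and `QTTask .exe`) and notes when the legitimate name is reported "(file missing)", as in the O23 entries above. The sample lines are constructed from the reports posted in this thread.

```python
"""Flag executables whose file name carries whitespace before the extension
(e.g. 'avp .exe' sitting next to the legitimate 'avp.exe') in HijackThis or
ComboFix log lines. Added example for this thread; it is not RenV's or
ComboFix's own code, and the sample lines below are constructed from the
reports posted above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a few O4/O23 lines and one ComboFix file line from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
"""

EXT = r"(?:exe|dll|sys|scr|com)"
# A drive-letter path ending in an executable extension. The name may contain spaces,
# so the match is delimited by a quote, whitespace or end of line, not by the next space.
WIN_PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.' + EXT + r')(?=["\s]|$)', re.IGNORECASE)
# Whitespace right before the extension dot is the tell RenV is looking for.
SPACE_BEFORE_EXT_RE = re.compile(r"^(.*?)\s+(\." + EXT + r")$", re.IGNORECASE)


@dataclass
class Finding:
    path: str                                  # path exactly as it appears in the log
    canonical: str                             # same path with the stray whitespace removed
    reasons: List[str] = field(default_factory=list)


def canonicalize(path: str) -> str:
    """Return the path with whitespace before the extension removed; unchanged if clean."""
    directory, _, basename = path.rpartition("\\")
    m = SPACE_BEFORE_EXT_RE.match(basename)
    if not m:
        return path
    return f"{directory}\\{m.group(1)}{m.group(2)}"


def find_lookalike_executables(log_text: str) -> List[Finding]:
    """Scan log lines; flag 'name .exe' paths and note when the clean name is reported missing."""
    missing = set()                     # canonical (lower-cased) paths reported '(file missing)'
    findings: Dict[str, Finding] = {}   # keyed by the logged path, so repeated entries merge
    for line in log_text.splitlines():
        for m in WIN_PATH_RE.finditer(line):
            path = m.group(1)
            canon = canonicalize(path)
            if "(file missing)" in line.lower():
                missing.add(canon.lower())
            if canon != path:
                findings.setdefault(path, Finding(path, canon, ["space before extension"]))
    # Second pass: a lookalike whose legitimate twin is reported missing is the strongest signal.
    for f in findings.values():
        if f.canonical.lower() in missing:
            f.reasons.append('legitimate name reported "(file missing)"')
    return sorted(findings.values(), key=lambda f: f.path.lower())


if __name__ == "__main__":
    for f in find_lookalike_executables(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.canonical}: {'; '.join(f.reasons)}")
```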
Re
While waiting for you to come back, looking at your reports I notice RegistrySmart; it's a rogue: http://assiste.com.free.fr/p/craptheque/registrysmart.html
We'll get rid of it (and its traces) along the way in an upcoming step. ;)
See you soon.
Good morning,
here are the reports, I hope they come through fine.
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]<pre>
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 01:44:19 87,040 ----a-r C:\WINDOWS\Installer\{9A893DC3-F04C-474F-866C-B2F44C9743EC}\Icon.exe
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 02:07:08 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 01:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
numero 3
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 3:00:03.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
C:\WINDOWS\system32\adrqbamp.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\view exit.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Program Files\RegistrySmart
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\RegistrySmart
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage r‚seau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\ModŠles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu D‚marrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\ModŠles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 03:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 03:06 2,632,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 03:07 112,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 03:04 38,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 03:04 13,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]<pre>
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 01:44:19 87,040 ----a-r C:\WINDOWS\Installer\{9A893DC3-F04C-474F-866C-B2F44C9743EC}\Icon.exe
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 02:07:08 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 01:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
numero 3
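Added example, not part of the original thread and not ComboFix's own code. The reports posted in this thread keep showing the same two things: executables whose name carries a space before the extension ("avp .exe", "QTTask .exe", which is exactly what the four-entry listing in report number 1 consists of) and autorun values for which ComboFix printed no file details ("[ ]"). The Python below parses the Run-value and service lines of a ComboFix "Reg Loading Points" section and flags those cases, plus empty commands and unqualified filenames. The sample lines are copied from the report posted here; the heuristics, the field layout assumed for the two line formats, and the reading of an empty "[ ]" as a target that was not on disk are my assumptions, not something ComboFix documents.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample input: Run values and service lines copied from the
# "Reg Loading Points" section of the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
"""

# Assumed line layouts (from the log above, not from any ComboFix documentation):
#   "name"="command" [file metadata]            -> Run / RunServices values
#   R1 name;display;image [file metadata]       -> drivers and services
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# Whitespace immediately before a short extension: "avp .exe", "QTTask .exe".
SPACED_EXT = re.compile(r'\s\.[A-Za-z0-9]{1,4}$')


@dataclass
class Finding:
    entry: str   # registry value name or service name
    path: str    # command / image path exactly as logged
    reason: str


def flags_for(path: str, meta: str) -> list[str]:
    """Heuristics (my own) that make an autorun entry worth a second look."""
    reasons = []
    p = path.strip().strip('"')
    if not p:
        reasons.append("empty command")
        return reasons
    base = p.rsplit("\\", 1)[-1]
    if SPACED_EXT.search(base):
        reasons.append("whitespace before extension")
    if "\\" not in p:
        # Bare filename: Windows resolves it through the search path.
        reasons.append("unqualified path (resolved via search path)")
    if not meta.strip():
        # ComboFix printed no date/size for the target; assumption: the
        # file was not on disk when the log was taken.
        reasons.append("no file metadata logged")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse Run-value and service lines from a ComboFix log; return flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_VALUE.match(line)
        if m:
            name, path, meta = m["name"], m["cmd"], m["meta"]
        else:
            m = SERVICE.match(line)
            if not m:
                continue  # banner, path listing or key header: not an autorun entry
            name, path, meta = m["name"].strip(), m["image"], m["meta"]
        for reason in flags_for(path, meta):
            findings.append(Finding(name, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry:20} {f.reason:45} {f.path}")
```

Run as-is it prints the flagged entries from the sample; for a real log use `triage(open(path, encoding="cp1252").read())`. Legitimate software trips the weaker heuristics too (VTTimer's bare filename, the scanner driver with no metadata), so treat the output as a worklist to check against the vendor's files, not as a verdict.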
here are the reports, hope you receive them OK
number 1
[code]
Ran on 05/01/2008 - 2:55:37,59
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 2,204,424 Blocks: 4,306
[/code]
number 2
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 3:00:03.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
C:\WINDOWS\system32\adrqbamp.dll
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping
C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\view exit.exe
.
((((((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Program Files\RegistrySmart
2008-01-05 02:44 . 2008-01-05 02:44 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\RegistrySmart
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 03:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 03:06 2,632,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 03:07 112,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 03:04 38,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 03:04 13,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]<pre>
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 01:44:19 87,040 ----a-r C:\WINDOWS\Installer\{9A893DC3-F04C-474F-866C-B2F44C9743EC}\Icon.exe
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 02:05:33 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2007-10-16 21:45 4044016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 02:07:08 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 01:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
number 3
Re
I was waiting for you, but these aren't the right reports; they're the same ones as in post 47, same time, same results. I would have liked the latest ones, please.
To be continued
OK, my mistake, I skipped a step
I have to download another version of Combo and I'll be back
but tell me, there's a question nagging me!! When do you sleep?? lol
Re
but tell me, there's a question nagging me!! When do you sleep?? --> lol I'll be heading off to bed before long lol
Yes, I think that with the Beta version we should get there; otherwise, we'll try another way.
The reports will confirm it, or not...
To be continued.
re re report
number 1
[code]
Ran on 2008-01-05 - 11:18:39.68
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 2,204,424 Blocks: 4,306
[/code]
number 2
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 11:24:40.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.128 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix(2).exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:06 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-01-05 11:06 . 2008-01-05 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Martau
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 10:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 11:27 2,677,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 11:27 116,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 10:24 38,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 10:24 13,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]<pre>
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 09:53:45 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 08:40:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:27:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 11:29:47
ComboFix-quarantined-files.txt 2008-01-05 10:29:40
ComboFix2.txt 2008-01-05 01:25:19
.
2008-01-04 15:52:34 --- E O F ---
number 3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:32, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Number 1
[code]
Ran on 2008-01-05 - 11:18:39.68
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
Entries: 4 (4)
Directories: 0 Files: 4
Bytes: 2,204,424 Blocks: 4,306
[/code]
Number 2
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 11:24:40.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.128 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix(2).exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:06 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-01-05 11:06 . 2008-01-05 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Martau
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-04 03:31 . 2008-01-04 03:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-04 03:29 . 2008-01-05 01:35 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 10:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 11:27 2,677,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 11:27 116,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 10:24 38,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 10:24 13,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 13:58 --------- d-----w C:\Program Files\Windows Live
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"SecuUFD"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche acc‚l‚r‚e.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 09:53:45 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry.
"2008-01-05 08:40:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:27:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 11:29:47
ComboFix-quarantined-files.txt 2008-01-05 10:29:40
ComboFix2.txt 2008-01-05 01:25:19
.
2008-01-04 15:52:34 --- E O F ---
Number 3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:32, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re
I advise you to save this page by selecting all the lines and copying the selection into a text file on your PC, so that you can follow the procedure correctly.
All the steps must be carried out without interruption, in the exact order given below.
If anything is unclear to you, ask for explanations before starting the disinfection.
1) Uninstalling RegistrySmart
Start / Settings / Control Panel, then in Add/Remove Programs click the line of the program to uninstall, RegistrySmart, click Remove and follow the prompts of the dialog box that opens to complete the uninstallation.
(If it is not in the list of programs, look in C:\Program Files\RegistrySmart for an uninstall and run it to uninstall the program.)
2) ComboFix with CFScript:
* Select the following text (in bold) in its entirety:
RENV::
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecuUFD"=-
"RegistrySmart"=-
File::
"C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
C:\Program Files\RegistrySmart\RegistrySmart.ex
Folder::
C:\Program Files\RegistrySmart
C:\Documents and Settings\HiyamZ\Application Data\RegistrySmart
"C:\Program Files\RegistrySmart.HiyamZ.Runs RegistrySmart to optimize your registry."
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
* Drag and drop this CFScript file onto the ComboFix.exe file (on your Desktop; do not confuse it with the previous version).
* A blue window will appear: at the prompt Type 1 to continue, or 2 to abort, type 1 and press Enter.
* Wait for the scan to finish. The Desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis report.
* If the file does not open, it is located here > C:\ComboFix.txt
To be continued
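An added example, not from the thread and not part of ComboFix or HijackThis: a small Python checker that parses HijackThis O4/O23 lines (the sample lines are constructed, modelled on the report posted above) and flags the two anomalies this CFScript acts on, an executable renamed with a space before its extension ("avp .exe") and a service whose binary is reported as "(file missing)", then pairs the two when the spaced name, with the space removed, is exactly the missing file.

```python
import re

# Constructed sample lines, modelled on the HijackThis report posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "O23 - Service: <display name> - <company> - <image path>[ (file missing)]"
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$')
MISSING = ' (file missing)'
# File name whose extension is preceded by whitespace, e.g. "avp .exe".
SPACED_EXT_RE = re.compile(r'\s\.[A-Za-z0-9]{1,4}$')
# First executable-looking path in an unquoted command line (paths may contain spaces).
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|dll|sys|scr|com))(?:\s|$)', re.IGNORECASE)


def extract_image(command):
    """Return the program path from a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def flag_path(path):
    """Reasons a program path looks tampered with; only the spaced-extension check here."""
    basename = path.rsplit('\\', 1)[-1]
    return ['space before extension'] if SPACED_EXT_RE.search(basename) else []


def analyze(log_text):
    """Scan O4 and O23 lines and return one finding per anomaly, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            image = extract_image(m.group('cmd'))
            for reason in flag_path(image):
                findings.append({'line': 'O4', 'name': m.group('name'),
                                 'path': image, 'reason': reason})
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group('path')
            missing = path.endswith(MISSING)
            if missing:
                path = path[:-len(MISSING)]
            reasons = flag_path(path) + (['file missing'] if missing else [])
            for reason in reasons:
                findings.append({'line': 'O23', 'name': m.group('name'),
                                 'path': path, 'reason': reason})
    return findings


def match_missing_to_renamed(findings):
    """Pair each missing service binary with a spaced-extension file in the same
    folder whose name, with the space removed, is the missing file."""
    renamed = {f['path'] for f in findings if f['reason'] == 'space before extension'}
    pairs = []
    for f in findings:
        if f['reason'] != 'file missing':
            continue
        for r in sorted(renamed):
            folder, sep, name = r.rpartition('\\')
            candidate = folder + sep + name.replace(' ', '')
            if candidate.lower() == f['path'].lower():
                pairs.append((f['path'], r))
    return pairs


if __name__ == '__main__':
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f['line']:>3} {f['name']!r}: {f['reason']} -> {f['path']}")
    for missing, renamed in match_missing_to_renamed(found):
        print(f"missing {missing} is probably the renamed {renamed}")
```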
re re
Number 1
ComboFix 08-01-04.1 - HiyamZ 2008-01-05 11:51:50.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.112 [GMT 1:00]
Running from: C:\Documents and Settings\HiyamZ\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\HiyamZ\Bureau\CFScript.txt
* Created a new restore point
FILE
"C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
C:\Program Files\RegistrySmart\RegistrySmart.ex
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-05 11:06 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-01-05 11:06 . 2008-01-05 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Martau
2008-01-05 01:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 00:50 . 2008-01-02 12:52 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-04 14:46 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-04 14:44 . 2008-01-04 14:44 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-04 03:38 . 2008-01-04 03:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-02 18:07 . 2008-01-02 18:07 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-02 17:59 . 2008-01-02 17:59 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Application Data\Talkback
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage réseau
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Voisinage d'impression
2008-01-02 17:19 . 2006-06-28 22:50 <REP> d--h----- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Modèles
2008-01-02 17:19 . 2008-01-02 17:58 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Mes documents
2008-01-02 17:19 . 2006-06-28 23:46 <REP> dr------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Menu Démarrer
2008-01-02 17:19 . 2006-06-28 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Favoris
2008-01-02 17:19 . 2008-01-02 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.USAGE-YJP51OVBZ\Bureau
2008-01-02 02:31 . 2008-01-02 02:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 02:30 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-31 03:21 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 03:09 . 2008-01-02 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-31 02:39 . 2007-12-31 02:39 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 20:10 . 2007-12-30 20:10 <REP> d-------- C:\Program Files\Picasa2
2007-12-30 20:03 . 2007-12-30 20:10 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-29 16:16 . 2008-01-02 10:31 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 16:16 . 2008-01-02 10:31 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 16:13 . 2008-01-05 10:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-29 16:13 . 2008-01-05 11:56 2,705,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 16:13 . 2008-01-05 11:55 119,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 16:13 . 2008-01-05 10:24 38,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 16:13 . 2008-01-05 10:24 13,916 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 15:56 . 2007-12-29 15:56 <REP> d-------- C:\WINDOWS\43D1F052544F468E99443791243FF672.TMP
2007-12-29 15:53 . 2007-12-29 15:53 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-29 15:52 . 2008-01-01 22:15 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-28 15:22 . 2007-12-28 15:22 <REP> d-------- C:\Program Files\Datel
2007-12-28 11:24 . 2007-12-28 11:24 <REP> d-------- C:\Program Files\Compedia
2007-12-28 11:24 . 2007-12-28 11:24 131 --a------ C:\WINDOWS\compedia.ini
2007-12-26 23:53 . 2007-12-26 23:54 1,359,872 --a------ C:\WINDOWS\outlook.pst
2007-12-26 23:53 . 2007-12-26 23:53 9,346 --a------ C:\WINDOWS\extend.dat
2007-12-25 11:41 . 2008-01-05 01:09 <REP> d-------- C:\Program Files\iTunes
2007-12-25 11:30 . 2007-12-25 11:30 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 09:29 . 2007-12-25 09:29 <REP> d-------- C:\Documents and Settings\HiyamZ\Application Data\Apple Computer
2007-12-25 09:28 . 2007-12-25 11:41 <REP> d-------- C:\Program Files\iPod
2007-12-25 09:28 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:35 . 2007-12-09 13:35 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-12-09 13:34 . 2007-12-09 13:34 <REP> d-------- C:\Program Files\Defenseurs Di-Gata - Kellogs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 00:10 --------- d-----w C:\Program Files\Messager Wanadoo
2008-01-04 23:50 --------- d-----w C:\Program Files\QuickTime
2008-01-04 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-02 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-31 00:04 --------- d-----w C:\Program Files\Google
2007-12-30 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-29 14:59 --------- d-----w C:\Program Files\Network Associates
2007-12-29 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-29 13:15 --------- d-----w C:\Program Files\DivX
2007-12-28 10:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 10:20 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 10:37 --------- d-----w C:\Documents and Settings\HiyamZ\Application Data\LimeWire
2007-12-25 10:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-10 20:27 --------- d-----w C:\Program Files\Java
2007-12-01 14:39 --------- d-----w C:\Program Files\PhotoDeluxe HE 3.1
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 06:03 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 13:16 --------- d-----w C:\Program Files\Apple Software Update
2007-11-23 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 13:12 --------- d-----w C:\Program Files\Wanadoo
2007-11-10 12:46 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Talkback
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.
[code]<pre>
------w 218,376 2008-01-02 19:58:51 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
----a-w 662,016 2007-12-31 01:14:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 23:35:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 662,016 2007-12-30 19:55:37 C:\Program Files\QuickTime\QTTask .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot@2008-01-05_ 1.38.36.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 19:30:14 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 09:51:07 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-02 12:52 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-09-01 09:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [ ]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage d'Office.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-28 23:00:00]
Gestionnaire Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 23:00:00]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Microsoft Recherche accélérée.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 23:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-06-28 23:06:15]
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 03:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe" [2008-01-02 20:58]
S2 SampleScanner;USB-Flachbettscanner;C:\WINDOWS\system32\DRIVERS\ArtecGT.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 15:11:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 10:40:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:56:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 11:57:53
ComboFix-quarantined-files.txt 2008-01-05 10:57:47
ComboFix2.txt 2008-01-05 10:29:48
ComboFix3.txt 2008-01-05 01:25:19
.
2008-01-04 15:52:34 --- E O F ---
Number 2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:36, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D3D0E7BC-170E-11D0-B2D1-00AA00B92B50} (FireEvent Control) - http://sfr.fr.web.ftmd.musiwave.com/dlm/ax/fireev.1.0.0.4.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re
Well done alias59.
I can't manage to get rid of the remaining patched files...
I've asked for help because I have several ideas for continuing, but I want to be sure I don't make more mistakes than I already have and don't keep you dragging on with this for too long.
Sorry, I'm going to have to make you wait, for the sake of effectiveness and safety.
I'll be going to get some rest shortly; I'll try to continue this evening. We'll get there with a bit of reinforcement ;)
See you later.