Au Secours ordi complètement infecté,
Résolu
Conchi
-
philae83 Messages postés 12854 Statut Contributeur sécurité -
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour, l'ordi de mon amie est complètement infecté, avast a trouver des centaines de virus dans systeme 32.
Voici le rapport HIJACTHIS que j'ai sorti sur imprimante et scanné pour vous l'envoyer de mon ordinateur, car le sien ne réagit plus du tout.
C'est une vrai catastrophe.
MERCI d'avance si une âme charitable voulais bien le regarder et me dire ce qu'il en pense.
Cordialement
hijackthis
Logfile of HijackThis vl.99.1 Scan saved at 18:41:26, on 07/01/2008 Platform: Windows XP SP2 (winNT 5.01.2600) MSIE: internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\wiNDOWS\System32\smss.exe
C:\WlNDOWS\system32\wi niogon.exe
C:\wiNDOWS\system32\servi ces.exe
C:\WlNDOWS\system32\lsass.exe
C:\wiNDOWS\system32\Ati 2evxx.exe
C:\WlNDOWS\system32\svchost.exe
C:\wiNDOWS\System32\sychost.exe
C:\Program Fi les\Fi chiens communs\Symantec Shared\ccProxy.exe
C:\Program Fi les\Fi chiens communs\Symantec Shared\ccSetMgr.exe
C:\wiNDOWS\system32\Ati 2evxx.exe
c:\wiNDOWS\Explorer.EXE
C:\Program Fi les\Fi chiens communs\symantec Shaned\ccEvtMgn.exe
C:\Pnognam Files\Alwil softwane\Avast4\aswUpdSv.exe
C:\Pnognam Files\Alwil softwane\Avast4\ashsenv.exe
C:\WlNDOWS\system32\spoolsv.exe
C:\PROGRA~l\FICHIE~l\AOL\ACS\AOLacsd.6X6
c:\APPS\Powenci nema\Kennel\TV\CLCapSvc.exe
C:\Pnognam Fi 1es\CybenLi nk\shaned Fi 1es\CLML_NTSenvi ce\CLMLSenven.exe
C:\Pnognam Fi 1es\CybenLi nk\shaned Fi 1es\CLML_NTSenvi ce\CLMLSenvi ce.exe
C:\Pnognam Files\ESET\ESET NOD32 Antivinus\eknn.exe
C:\APPS\HIDSERVICE\HIDSERVICE.6X6
C:\Pnognam Files\Nonton intennet secunity\Nonton Antivinus\navapsvc.exe
c:\wiNDOWS\system32\HPZi pm!2.exe
C:\WlNDOWS\system32\sychost.exe
C:\Pnognam Files\Fichiens communs\ulead Systems\DVD\ULCDRSvn.exe
c:\APPS\Powenci nema\Kennel\7V\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATi contnol Panel\atiptaxx.exe
c:\Pnognam Files\ZTE Conponation\zxDSL852\cnxDslTb.exe
C:\PROGRA~l\ALWlLS~l\Avast4\ashDi sp.exe
C:\Pnognam Files\Sony Enicsson\Mobile2\Application Launchen\Application
Launchen.exe
C:\Pnognam Files\Fichiens communs\Real\Update_OB\nealsched.exe
C:\Pnognam Fi 1es\Jaya\j nel.6.0_02\bi n\j usched.exe
C:\Pnognam Files\QuickTime\qttask.exe
C:\Pnognam Files\Adobe\Photoshop Album Edition Decouvente\3.0\Apps\apdpnoxy.exe
C:\WINDOWS\system32\neqboot.exe
C:\wiNDOWS\system32\ctfmon.exe
c:\Pnognam Files\Fichiens communs\Teleca shaned\CapabilityManagen.exe
C:\Pnognam Fi 1es\Google\GoogleToolbanNoti fi en\GoogleToolbanNotifi en.exe
C:\Pnognam Files\windows Live\Messengen\msnmsgn.exe
c:\Pnognam Files\Alwi1 softwane\Avast4\ashMaiSv.exe
C:\Pnognam Files\Spybot - seanch & Destnoy\TeaTimen.exe
c:\Pnognam Files\Alwil softwane\Avast4\ashwebsv.exe
C:\WlNDOWS\system32\wuauclt.exe
c:\Pnognam Files\Fichiens communsYfeleca shaned\Genenic.exe
C:\Pnognam Files\Sony Enicsson\Mobile2\Mobile Phone Moniton\epmwonken.exe
D:\DOCUME~l\guinos\LOCALS~l\Temp\Repentoine temponaine 1 poun
hi j ackthi s.zi p\Hi jackThis.exe
RO - HKCU\Softwane\Micnosoft\intennet Explonen\wain,stant Page =
http://www.wanadoo.fn
Ri - HKLM\S9ftwane\Micnosoft\intennet Explonen\Main,Default_Page_URL =
http://go.mi cnosoft.com/fwli nk/?Li nkld=69157
Ri - HKLM\Softwane\Micnosoft\lntennet Exp1onen\Main,Default_seanch_URL =
http : //go. mi cnosof t. com/fwl i nk/?l_i nkld=54896
Ri - HKLMXsçftwaneXMi cnosoft:\lntennet Explonen\Main, Seanch page =
http : //go. mi cnosof t. com/fwl i nk/?l_i nkld=54896
RO - HKLM\Softwane\Micnosoft:\intennet Explonen\Main,Stant Page =
http : //go. mi cnosof t. com/fwl i nk/?l_i nkld=69157
RO - HKCU\Softwane\Micnosoft\lntemet Explonen\Toolban,LinksFoldenName = Liens
R3 - URLSeanchHook: (no name) - {9CB65206-89c4-402c-BA80-02D8c59F9BlD} -
hiiackthis
C:\Program Fi 1es\AskTBar\SrchAstt\l.bin\A5SRCHAS.DLL F3 - REG.-win.ini: load=C:\WlNDOWS\system32\pmnno.exe
02 - BHO: Yahoo! Tool bar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -C:\Program Fi 1es\Yahoo!\Companion\lnstal1s\cpnO\yt.dl1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BEOB3}
- C:\Program Files\Adobe\Acrobat 7.0\Activex\AcroiEHelper.dll
02 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7BODEE595917} -
C:\wiNDOWS\system32\qommnlk.dll
02 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~l\SPYBOT~l\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6FO-462C-B6EB-D4DAF1D92D43} - C:\Program
Fi 1es\Java\j rel.6.0_02\bi n\ssv.dl1
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
02 - BHO: Ask Search Assistant BHO - {9CB65201-89c4-402c-BA80-02D8C59F9BlD} -
C:\Program Fi 1es\AskTBar\SrchAstt\l.bin\A5SRCHAS.DLL
O2 - BHÇ: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDFl699El} - C:\Program
Files\Fichiers communs\symantec shared\AdBlocking\NisshExt.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-OlDD-4d91-8333-CFl0577473F7} -
c:\program fi Tes\google\googietoolbar2.dl1
02 -- BHO: Goçqle Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-Œ66B5AD205D} -
C:\Program Fi 1es\Google\GoogleToolbarNoti fi er\2.0.301.7164\swg.dl1
02 - BHO: CNavExtBho Class : {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton Antivirus\NavShExt.dll
02 - BHO: (no name) - {ee3b5e65-eOb6-4b!3-baa5-a8b93190a445} -
-4ECO-403e-8DD8-394C54984B2C} - C:\Program
C:\wiNDOWS\system32\spmgtj i j.dll
2 - BHO: Ask Toolbar BHO - {FE063DBl-<
Fi 1es\AskTBar\bar\l.bi n\ASKTBAR.DLL
3 - Toolbar: Norton Internet Security - {OB53EAC3-8D69-4b9e-9Bl9-A37C9A5676A7}
- C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NlSShExt.dll
O3 • Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DFOOB1D6} -
C:\Program Files\Norton internet Security\Norton Antivirus\NavshExt.dll
03 - Toolbar: Ask Toolbar - {FE063DB9-4ECO-403e-8DD8-394C54984B2C} - C:\Program Fi 1es\AskTBar\bar\l.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2Bl-4965-lld4-9Bl8-009027A5CD4F} - c:\program fi 1es\google\gooqletoolbar2.dl1
3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Fi 1es\Yahoo!\Companion\lnstal1s\cpnO\yt.dl1
4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATl Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GnxDslTaskBar] "c:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
04 - HKLM\..\Run: [avast!] C:\PROGRA~l\ALWlLS~l\Avast4\ashDisp.exe
04 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Appïication Launcher.exe" /startoptions
04 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\update_OB\realsched.exe"" -osboot
04 - HKLM\..\Run: [SunJayaUpdateSched] "C:\Program
Fi 1es\Java\j rel.6.0_02\bi n\jusched.exe"
04 - HKLM\. .\Riin: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
04 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Edition Decouverte\3.0\Apps\apdproxy.exe"
04 - HKLM\..\Run: O4 - HKLM\..\Run: O4 - HKCU\..\Rirn: 04 - HKCU\..\Run:
Registry Boot] regboot.exe
>8977flf] rundll32.exe "C:\WlNDOWS\system32\jciiwbaa.dll",b
'ctfmon.exe] C:\wiNDOWs\system32\ctfmon.exe
^updateMgr] C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Pr9gram
Fi 1es\Google\GoogleToolbarNoti fi er\Googl eToolbarNoti fi er.exe
04 - HKCU\..\Rirn: [ccleaner] "c:\Program Files\ccleaner\ccleaner.exe" /AUTO
04 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe" /background
04 -- HKCU\..\Run: [SpybotSD TeaTimer] c:\Program Files\Spybot - search &
Dest roy\TeaTi mer.exe
04 - Global Startup: Lancement rapide d1Adobe Reader.Ink = C:\Program
Fi 1es\Adobe\Acrobat 7.0\Reader\reader_sl.exe
09 - Extra button: (no name) {08BOE5CO-4FCB-11CF-AAA5-00401C608501} -
C:\Program Fi 1es\Java\jrel.6.0_02\bin\ssv.dll
Page 2
hijackthis
09 - Extra 'Tools' menuitem: Console Java (Sun) -{08BOE5CO-4FCB-11CF-AAA5-00401C608501} - C:\Program Fi 1es\Java\j rel.6.0_02\bi n\ssv.dl1
09 - Extra button: (no name) - {85dlf590-48f4-lld9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
09 - Extra 'Tools' menuitem: uninstaîl BitDefender Online Scanner v8 -{85dlf590-48f4-lld9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) 09 - Extra button: Real.com - {CD67F990-D8E9-lld2-98FE-OOCOF0318AFE} -C:\wiNDOWS\system32\shdocvw.dl1
09 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -%windir%\Network Diagnostic\xpnetdiag.exe (file missing) 09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
09 :- Extra button: Messenger - {FB5Fl910-FllO-lld2-BB9E-OOC04F795683} -C:\Program Fi 1es\Messenger\msmsgs.exe O9 - Extra 'Tools1 menuitem: Windows Messenger -
{FB5Fl910-FllO-lld2-BB9E-OOC04F795683} - C:\Program Files\Messenger\msmsgs.exe Oïl - Options group: [INTERNATIONAL] international* O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\lE\offline\fr.htm 016 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -http://download.bi tdefender.com/resources/scan8/oscan8.cab 018 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -C:\PROGRA~l\WIlF86~l\MESSEN~l\MSGRAP~l.DLL
018 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -C:\PROGRA~l\WIlF86~l\MESSEN~l\MSGRAP~l.DLL O20 - winlogon Notify: qommnlk - c:\WlNDOWS\SYSTEM32\qomrnnlk.dll
20 - Winlogon Notify: wgaLogon - C:\WlNDOWS\SYSTEM32\WgaLogon.dll
21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45BO-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShseryi ceObj.dl1
023 - Service: AOL connectivity Service (AOL ACS) - America Online, Inc. -
C:\PROGRA~l\FICHIE~l\AOL\ACS\AOLacsd.exe
023 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software -
C:\Program Files\Alwil software\Avast4\aswupdSv.exe
023 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\wiNDOWS\system32\Ati 2evxx.exe
O23 - Service: avast! Antivirus - ALWIL software - c:\Program Files\Alwil
Software\Ayast4\ashServ.exe
023 - Service: avast! Mail scanner - unknown owner - c:\Program Files\Alwil
Software\Ayast4\ashMaisv.exe" /service (file missing)
023 - Service: avast! web Scanner - unknown owner - C:\Program Files\Alwil
Software\Ayast4\ashwebsv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
023 - Service: Symantec Network proxy (ccProxy) - Symantec corporation -
c:\Program Files\Fichiers communs\symantec shared\ccProxy.exe
023 •- Service: Symantec Password validation (ccPwdSvc) - Symantec corporation -
c:\Program Files\Fichiers communs\symantec shared\ccPwdSvc.exe
023 - Service: Symantec Settings Manager (ccsetMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\symantec shared\ccSetMgr.exe
023 - Service: CyberLink Background Capture service (CBCS) (CLCapSvc) - unknown
owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
023 •- Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
c:\APPS\Powerci nema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyber!ink - C:\Program
Fi 1es\CyberLink\Shared Files\CLML_NTServi ce\CLMLServer.exe
023 •- Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET
NOD32 Antivirus\EHttpSrv.exe
O23 -- service: Eset service (ekrn) - ESET - c:\Program Files\ESET\ESET NOD32
Anti vi rus\ekrn.exe
O23 - Service: Generic service for HID Keyboard Input collections
(GenericHidService) - unknown owner - c:\APPS\HlDSERViCE\HlDSERVlCE.exe
023 - Service: Google updater Service (gusvc) - Google - c:\Program
Fi 1es\Google\common\Google updater\Googleupdaterservice.exe
023 - Service: InstallDriver Table Manager (iDriverT) - Macrovision Corporation
- C:\Program Files\Fichiers communs\lnstallshield\Driver\ll\lntel
32\lDriverT.exe
O23 - Service: is Service (ISSVC) - unknown owner - C:\Program Files\Norton
Page 3
hijackthis
internet Security\issvc.exe (file missing) O23 - Service: Mysqllnventime - Unknown owner -C:\Apps\INVENT~l\mysql\bi n\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Anti Vi rus\navapsvc.exe
023 - Service: NMlndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMlndexingservice.exe (file missing) 023 - Service: Pml Driver HPZ12 - HP - C:\WlNDOWS\system32\HPZipml2.exe 023 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet security\Norton Antivirus\SAVScan.exe (file missing)
023 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe 023 -- Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\symantec shared\SPBBC\SPBBCSvc.exe
023 - service: Ulead Burning Helper (uleadBurningHelper) - Ulead Systems, inc. -C:\Program Files\Fichiers communs\Ulead systems\DVD\ULCDRSvr.exe O23 - Service: Windows Live Setup service (WLSetupSvc) - Unknown owner -C:\Program Fi 1es\windows Live\installer\WLSetupSvc.exe
Voici le rapport HIJACTHIS que j'ai sorti sur imprimante et scanné pour vous l'envoyer de mon ordinateur, car le sien ne réagit plus du tout.
C'est une vrai catastrophe.
MERCI d'avance si une âme charitable voulais bien le regarder et me dire ce qu'il en pense.
Cordialement
hijackthis
Logfile of HijackThis vl.99.1 Scan saved at 18:41:26, on 07/01/2008 Platform: Windows XP SP2 (winNT 5.01.2600) MSIE: internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\wiNDOWS\System32\smss.exe
C:\WlNDOWS\system32\wi niogon.exe
C:\wiNDOWS\system32\servi ces.exe
C:\WlNDOWS\system32\lsass.exe
C:\wiNDOWS\system32\Ati 2evxx.exe
C:\WlNDOWS\system32\svchost.exe
C:\wiNDOWS\System32\sychost.exe
C:\Program Fi les\Fi chiens communs\Symantec Shared\ccProxy.exe
C:\Program Fi les\Fi chiens communs\Symantec Shared\ccSetMgr.exe
C:\wiNDOWS\system32\Ati 2evxx.exe
c:\wiNDOWS\Explorer.EXE
C:\Program Fi les\Fi chiens communs\symantec Shaned\ccEvtMgn.exe
C:\Pnognam Files\Alwil softwane\Avast4\aswUpdSv.exe
C:\Pnognam Files\Alwil softwane\Avast4\ashsenv.exe
C:\WlNDOWS\system32\spoolsv.exe
C:\PROGRA~l\FICHIE~l\AOL\ACS\AOLacsd.6X6
c:\APPS\Powenci nema\Kennel\TV\CLCapSvc.exe
C:\Pnognam Fi 1es\CybenLi nk\shaned Fi 1es\CLML_NTSenvi ce\CLMLSenven.exe
C:\Pnognam Fi 1es\CybenLi nk\shaned Fi 1es\CLML_NTSenvi ce\CLMLSenvi ce.exe
C:\Pnognam Files\ESET\ESET NOD32 Antivinus\eknn.exe
C:\APPS\HIDSERVICE\HIDSERVICE.6X6
C:\Pnognam Files\Nonton intennet secunity\Nonton Antivinus\navapsvc.exe
c:\wiNDOWS\system32\HPZi pm!2.exe
C:\WlNDOWS\system32\sychost.exe
C:\Pnognam Files\Fichiens communs\ulead Systems\DVD\ULCDRSvn.exe
c:\APPS\Powenci nema\Kennel\7V\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATi contnol Panel\atiptaxx.exe
c:\Pnognam Files\ZTE Conponation\zxDSL852\cnxDslTb.exe
C:\PROGRA~l\ALWlLS~l\Avast4\ashDi sp.exe
C:\Pnognam Files\Sony Enicsson\Mobile2\Application Launchen\Application
Launchen.exe
C:\Pnognam Files\Fichiens communs\Real\Update_OB\nealsched.exe
C:\Pnognam Fi 1es\Jaya\j nel.6.0_02\bi n\j usched.exe
C:\Pnognam Files\QuickTime\qttask.exe
C:\Pnognam Files\Adobe\Photoshop Album Edition Decouvente\3.0\Apps\apdpnoxy.exe
C:\WINDOWS\system32\neqboot.exe
C:\wiNDOWS\system32\ctfmon.exe
c:\Pnognam Files\Fichiens communs\Teleca shaned\CapabilityManagen.exe
C:\Pnognam Fi 1es\Google\GoogleToolbanNoti fi en\GoogleToolbanNotifi en.exe
C:\Pnognam Files\windows Live\Messengen\msnmsgn.exe
c:\Pnognam Files\Alwi1 softwane\Avast4\ashMaiSv.exe
C:\Pnognam Files\Spybot - seanch & Destnoy\TeaTimen.exe
c:\Pnognam Files\Alwil softwane\Avast4\ashwebsv.exe
C:\WlNDOWS\system32\wuauclt.exe
c:\Pnognam Files\Fichiens communsYfeleca shaned\Genenic.exe
C:\Pnognam Files\Sony Enicsson\Mobile2\Mobile Phone Moniton\epmwonken.exe
D:\DOCUME~l\guinos\LOCALS~l\Temp\Repentoine temponaine 1 poun
hi j ackthi s.zi p\Hi jackThis.exe
RO - HKCU\Softwane\Micnosoft\intennet Explonen\wain,stant Page =
http://www.wanadoo.fn
Ri - HKLM\S9ftwane\Micnosoft\intennet Explonen\Main,Default_Page_URL =
http://go.mi cnosoft.com/fwli nk/?Li nkld=69157
Ri - HKLM\Softwane\Micnosoft\lntennet Exp1onen\Main,Default_seanch_URL =
http : //go. mi cnosof t. com/fwl i nk/?l_i nkld=54896
Ri - HKLMXsçftwaneXMi cnosoft:\lntennet Explonen\Main, Seanch page =
http : //go. mi cnosof t. com/fwl i nk/?l_i nkld=54896
RO - HKLM\Softwane\Micnosoft:\intennet Explonen\Main,Stant Page =
http : //go. mi cnosof t. com/fwl i nk/?l_i nkld=69157
RO - HKCU\Softwane\Micnosoft\lntemet Explonen\Toolban,LinksFoldenName = Liens
R3 - URLSeanchHook: (no name) - {9CB65206-89c4-402c-BA80-02D8c59F9BlD} -
hiiackthis
C:\Program Fi 1es\AskTBar\SrchAstt\l.bin\A5SRCHAS.DLL F3 - REG.-win.ini: load=C:\WlNDOWS\system32\pmnno.exe
02 - BHO: Yahoo! Tool bar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -C:\Program Fi 1es\Yahoo!\Companion\lnstal1s\cpnO\yt.dl1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BEOB3}
- C:\Program Files\Adobe\Acrobat 7.0\Activex\AcroiEHelper.dll
02 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7BODEE595917} -
C:\wiNDOWS\system32\qommnlk.dll
02 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~l\SPYBOT~l\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6FO-462C-B6EB-D4DAF1D92D43} - C:\Program
Fi 1es\Java\j rel.6.0_02\bi n\ssv.dl1
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
02 - BHO: Ask Search Assistant BHO - {9CB65201-89c4-402c-BA80-02D8C59F9BlD} -
C:\Program Fi 1es\AskTBar\SrchAstt\l.bin\A5SRCHAS.DLL
O2 - BHÇ: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDFl699El} - C:\Program
Files\Fichiers communs\symantec shared\AdBlocking\NisshExt.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-OlDD-4d91-8333-CFl0577473F7} -
c:\program fi Tes\google\googietoolbar2.dl1
02 -- BHO: Goçqle Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-Œ66B5AD205D} -
C:\Program Fi 1es\Google\GoogleToolbarNoti fi er\2.0.301.7164\swg.dl1
02 - BHO: CNavExtBho Class : {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton Antivirus\NavShExt.dll
02 - BHO: (no name) - {ee3b5e65-eOb6-4b!3-baa5-a8b93190a445} -
-4ECO-403e-8DD8-394C54984B2C} - C:\Program
C:\wiNDOWS\system32\spmgtj i j.dll
2 - BHO: Ask Toolbar BHO - {FE063DBl-<
Fi 1es\AskTBar\bar\l.bi n\ASKTBAR.DLL
3 - Toolbar: Norton Internet Security - {OB53EAC3-8D69-4b9e-9Bl9-A37C9A5676A7}
- C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NlSShExt.dll
O3 • Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DFOOB1D6} -
C:\Program Files\Norton internet Security\Norton Antivirus\NavshExt.dll
03 - Toolbar: Ask Toolbar - {FE063DB9-4ECO-403e-8DD8-394C54984B2C} - C:\Program Fi 1es\AskTBar\bar\l.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2Bl-4965-lld4-9Bl8-009027A5CD4F} - c:\program fi 1es\google\gooqletoolbar2.dl1
3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Fi 1es\Yahoo!\Companion\lnstal1s\cpnO\yt.dl1
4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATl Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [GnxDslTaskBar] "c:\Program Files\ZTE
Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
04 - HKLM\..\Run: [avast!] C:\PROGRA~l\ALWlLS~l\Avast4\ashDisp.exe
04 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Appïication Launcher.exe" /startoptions
04 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\update_OB\realsched.exe"" -osboot
04 - HKLM\..\Run: [SunJayaUpdateSched] "C:\Program
Fi 1es\Java\j rel.6.0_02\bi n\jusched.exe"
04 - HKLM\. .\Riin: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
04 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Edition Decouverte\3.0\Apps\apdproxy.exe"
04 - HKLM\..\Run: O4 - HKLM\..\Run: O4 - HKCU\..\Rirn: 04 - HKCU\..\Run:
Registry Boot] regboot.exe
>8977flf] rundll32.exe "C:\WlNDOWS\system32\jciiwbaa.dll",b
'ctfmon.exe] C:\wiNDOWs\system32\ctfmon.exe
^updateMgr] C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Pr9gram
Fi 1es\Google\GoogleToolbarNoti fi er\Googl eToolbarNoti fi er.exe
04 - HKCU\..\Rirn: [ccleaner] "c:\Program Files\ccleaner\ccleaner.exe" /AUTO
04 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe" /background
04 -- HKCU\..\Run: [SpybotSD TeaTimer] c:\Program Files\Spybot - search &
Dest roy\TeaTi mer.exe
04 - Global Startup: Lancement rapide d1Adobe Reader.Ink = C:\Program
Fi 1es\Adobe\Acrobat 7.0\Reader\reader_sl.exe
09 - Extra button: (no name) {08BOE5CO-4FCB-11CF-AAA5-00401C608501} -
C:\Program Fi 1es\Java\jrel.6.0_02\bin\ssv.dll
Page 2
hijackthis
09 - Extra 'Tools' menuitem: Console Java (Sun) -{08BOE5CO-4FCB-11CF-AAA5-00401C608501} - C:\Program Fi 1es\Java\j rel.6.0_02\bi n\ssv.dl1
09 - Extra button: (no name) - {85dlf590-48f4-lld9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
09 - Extra 'Tools' menuitem: uninstaîl BitDefender Online Scanner v8 -{85dlf590-48f4-lld9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) 09 - Extra button: Real.com - {CD67F990-D8E9-lld2-98FE-OOCOF0318AFE} -C:\wiNDOWS\system32\shdocvw.dl1
09 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -%windir%\Network Diagnostic\xpnetdiag.exe (file missing) 09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
09 :- Extra button: Messenger - {FB5Fl910-FllO-lld2-BB9E-OOC04F795683} -C:\Program Fi 1es\Messenger\msmsgs.exe O9 - Extra 'Tools1 menuitem: Windows Messenger -
{FB5Fl910-FllO-lld2-BB9E-OOC04F795683} - C:\Program Files\Messenger\msmsgs.exe Oïl - Options group: [INTERNATIONAL] international* O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\lE\offline\fr.htm 016 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -http://download.bi tdefender.com/resources/scan8/oscan8.cab 018 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -C:\PROGRA~l\WIlF86~l\MESSEN~l\MSGRAP~l.DLL
018 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -C:\PROGRA~l\WIlF86~l\MESSEN~l\MSGRAP~l.DLL O20 - winlogon Notify: qommnlk - c:\WlNDOWS\SYSTEM32\qomrnnlk.dll
20 - Winlogon Notify: wgaLogon - C:\WlNDOWS\SYSTEM32\WgaLogon.dll
21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45BO-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShseryi ceObj.dl1
023 - Service: AOL connectivity Service (AOL ACS) - America Online, Inc. -
C:\PROGRA~l\FICHIE~l\AOL\ACS\AOLacsd.exe
023 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software -
C:\Program Files\Alwil software\Avast4\aswupdSv.exe
023 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\wiNDOWS\system32\Ati 2evxx.exe
O23 - Service: avast! Antivirus - ALWIL software - c:\Program Files\Alwil
Software\Ayast4\ashServ.exe
023 - Service: avast! Mail scanner - unknown owner - c:\Program Files\Alwil
Software\Ayast4\ashMaisv.exe" /service (file missing)
023 - Service: avast! web Scanner - unknown owner - C:\Program Files\Alwil
Software\Ayast4\ashwebsv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
023 - Service: Symantec Network proxy (ccProxy) - Symantec corporation -
c:\Program Files\Fichiers communs\symantec shared\ccProxy.exe
023 •- Service: Symantec Password validation (ccPwdSvc) - Symantec corporation -
c:\Program Files\Fichiers communs\symantec shared\ccPwdSvc.exe
023 - Service: Symantec Settings Manager (ccsetMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\symantec shared\ccSetMgr.exe
023 - Service: CyberLink Background Capture service (CBCS) (CLCapSvc) - unknown
owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
023 •- Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
c:\APPS\Powerci nema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyber!ink - C:\Program
Fi 1es\CyberLink\Shared Files\CLML_NTServi ce\CLMLServer.exe
023 •- Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET
NOD32 Antivirus\EHttpSrv.exe
O23 -- service: Eset service (ekrn) - ESET - c:\Program Files\ESET\ESET NOD32
Anti vi rus\ekrn.exe
O23 - Service: Generic service for HID Keyboard Input collections
(GenericHidService) - unknown owner - c:\APPS\HlDSERViCE\HlDSERVlCE.exe
023 - Service: Google updater Service (gusvc) - Google - c:\Program
Fi 1es\Google\common\Google updater\Googleupdaterservice.exe
023 - Service: InstallDriver Table Manager (iDriverT) - Macrovision Corporation
- C:\Program Files\Fichiers communs\lnstallshield\Driver\ll\lntel
32\lDriverT.exe
O23 - Service: is Service (ISSVC) - unknown owner - C:\Program Files\Norton
Page 3
hijackthis
internet Security\issvc.exe (file missing) O23 - Service: Mysqllnventime - Unknown owner -C:\Apps\INVENT~l\mysql\bi n\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Anti Vi rus\navapsvc.exe
023 - Service: NMlndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMlndexingservice.exe (file missing) 023 - Service: Pml Driver HPZ12 - HP - C:\WlNDOWS\system32\HPZipml2.exe 023 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet security\Norton Antivirus\SAVScan.exe (file missing)
023 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe 023 -- Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\symantec shared\SPBBC\SPBBCSvc.exe
023 - service: Ulead Burning Helper (uleadBurningHelper) - Ulead Systems, inc. -C:\Program Files\Fichiers communs\Ulead systems\DVD\ULCDRSvr.exe O23 - Service: Windows Live Setup service (WLSetupSvc) - Unknown owner -C:\Program Fi 1es\windows Live\installer\WLSetupSvc.exe
A voir également:
- Au Secours ordi complètement infecté,
- Ordi qui rame - Guide
- Comment reinitialiser un ordi - Guide
- Ordi scrabble - Télécharger - Jeux vidéo
- Mon ordi ne reconnait pas ma clé usb - Guide
- Plus de son sur mon ordi - Guide
105 réponses
--
S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
Salut Philae
Et du coup si le coeur t'en dit continues stp ,car j'en ai vraiment trop à la fois.
==================================================================
De plus NB: Il faudrait faire parvenir le fichier :(( regboot.exe)) En upload sur Maleka_morte stp Philae
------------------------------------------------------------------------------------------------------------------------------------
Et vas s'y pour Erunt (en cas d'erreurs).
Je suivrai en jettant un oeil de temps à autre, car là , j'ai vraiment trop de boulôt et du fait que je réponds à plusieurs, il est pas écarter du tout que je me trompe.
Bonne continuation à vous. Amitiés Jal
@+
S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
Salut Philae
Et du coup si le coeur t'en dit continues stp ,car j'en ai vraiment trop à la fois.
==================================================================
De plus NB: Il faudrait faire parvenir le fichier :(( regboot.exe)) En upload sur Maleka_morte stp Philae
------------------------------------------------------------------------------------------------------------------------------------
Et vas s'y pour Erunt (en cas d'erreurs).
Je suivrai en jettant un oeil de temps à autre, car là , j'ai vraiment trop de boulôt et du fait que je réponds à plusieurs, il est pas écarter du tout que je me trompe.
Bonne continuation à vous. Amitiés Jal
@+
Bonsoir tout le monde, car il y en a du monde!!!
Bon j'avoue qu'entre tout ça, moi je suis un peu paumé, là.j'ai commencé par installer donc mozilla, mais il me demande une connexion internet, alors que je n'ai pas accès à internet puisque je ne peux me servir de l'ordi qu'en mode sans échec. donc déjà problème!!
D'autre part j'ai réussit à installer antivir et à le mettre en scan, par contre quand je suis partie de chez mon amie il n'était qu'à 36% au bout de 1h40mnts.Elle vient de m'appeler me disanrt qu'il trouve des virus ou chevaux de troie et qu'il préconnise la quarantaine, je lui ai dit de faire ce qu'il demandait. J'espère que c'est ce qu'il fallait faire?
Donc pour le moment on n'avance pas. Ensuite pour Jalob, franchement je trouve que ce que tu me demande de faire est assez compliqué , car je n'arrive pas à tout comprendre entre, le spybot de mozilla, auquel je ne peut accéder puisqu'il demende une connection et pas mal d'autres choses qui suivent. Serait-il possible d'avoir des instructions un peu plus simples, car tu sais je ne connait pas trop grand chose quand même et ce qui te parait simple à toi reste compliqué pour moi.
En tout cas merci beaucoup de vous préoccuper du cas de mon amie.
Merci de me dire quelque chose
Très cordialement
Chrysi64
Bon j'avoue qu'entre tout ça, moi je suis un peu paumé, là.j'ai commencé par installer donc mozilla, mais il me demande une connexion internet, alors que je n'ai pas accès à internet puisque je ne peux me servir de l'ordi qu'en mode sans échec. donc déjà problème!!
D'autre part j'ai réussit à installer antivir et à le mettre en scan, par contre quand je suis partie de chez mon amie il n'était qu'à 36% au bout de 1h40mnts.Elle vient de m'appeler me disanrt qu'il trouve des virus ou chevaux de troie et qu'il préconnise la quarantaine, je lui ai dit de faire ce qu'il demandait. J'espère que c'est ce qu'il fallait faire?
Donc pour le moment on n'avance pas. Ensuite pour Jalob, franchement je trouve que ce que tu me demande de faire est assez compliqué , car je n'arrive pas à tout comprendre entre, le spybot de mozilla, auquel je ne peut accéder puisqu'il demende une connection et pas mal d'autres choses qui suivent. Serait-il possible d'avoir des instructions un peu plus simples, car tu sais je ne connait pas trop grand chose quand même et ce qui te parait simple à toi reste compliqué pour moi.
En tout cas merci beaucoup de vous préoccuper du cas de mon amie.
Merci de me dire quelque chose
Très cordialement
Chrysi64
bonsoir,
ce n'est certainement pas le plus urgent, puisque comme tu dis pas de connexion internet
tu as bien fait.
reprend le post 59
et le post 60
reposte en + un nouveau rapport hijackthis + dès que tu peux le rapport de scan d'antivir
.j'ai commencé par installer donc mozilla, mais il me demande une connexion internet, alors que je n'ai pas accès à internet puisque je ne peux me servir de l'ordi qu'en mode sans échec. donc déjà problème!!
ce n'est certainement pas le plus urgent, puisque comme tu dis pas de connexion internet
D'autre part j'ai réussit à installer antivir et à le mettre en scan, par contre quand je suis partie de chez mon amie il n'était qu'à 36% au bout de 1h40mnts.Elle vient de m'appeler me disanrt qu'il trouve des virus ou chevaux de troie et qu'il préconnise la quarantaine, je lui ai dit de faire ce qu'il demandait. J'espère que c'est ce qu'il fallait faire?
tu as bien fait.
Donc pour le moment on n'avance pas. Ensuite pour Jalob, franchement je trouve que ce que tu me demande de faire est assez compliqué , car je n'arrive pas à tout comprendre entre, le spybot de mozilla, auquel je ne peut accéder puisqu'il demende une connection et pas mal d'autres choses qui suivent. Serait-il possible d'avoir des instructions un peu plus simples, car tu sais je ne connait pas trop grand chose quand même et ce qui te parait simple à toi reste compliqué pour moi.
reprend le post 59
et le post 60
reposte en + un nouveau rapport hijackthis + dès que tu peux le rapport de scan d'antivir
Bonsoir PHILAE83
" il faut sauvegarder la BDR avant toute manipulations ""
Peut tu me dire ce qu'est la BDR s'il te plait.
J'ai bien peur de faire des bêtises avce tout ça !!!
Pour ce soir c'est rapé, je ne peut rien faire. J'attends que mon amie m'appelle pour me dire ce qu'antivir a trouvé, j'espère qu'elle saura enregistrer le rapport pour que je puisse le poster.
En tout cas merci pour votre aide et pour ce superbe site.
A+ dès que je peux donner des nouvelles, car c'est assez compliqué, car moi je suis chez moi et elle chez elle.
BY
" il faut sauvegarder la BDR avant toute manipulations ""
Peut tu me dire ce qu'est la BDR s'il te plait.
J'ai bien peur de faire des bêtises avce tout ça !!!
Pour ce soir c'est rapé, je ne peut rien faire. J'attends que mon amie m'appelle pour me dire ce qu'antivir a trouvé, j'espère qu'elle saura enregistrer le rapport pour que je puisse le poster.
En tout cas merci pour votre aide et pour ce superbe site.
A+ dès que je peux donner des nouvelles, car c'est assez compliqué, car moi je suis chez moi et elle chez elle.
BY
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
la BDR, c'est la base de registre, si tu suis le tuto d'installation de ERUNT que je t'ai donné, tu n'auras pas de problème, c'est très simple à faire. Ensuite tu pourras faire les manips du post 60
je coupe pour ce soir
bonne nuit
je coupe pour ce soir
bonne nuit
Bonjour Chrysi 64
Ne fait pas de suite la manip ComboFix que t'a donné Philae au poste 60 s'il te plaît.
Attends, elle va repasser tout a l'heure.
@ +
** Edit **
Philae83 ne pourra pas repasser avant ce soir, j'ai vu avec elle pour une petite modification du script, fait ce qui suit :
ComboFix avec CFScript :
* Sélectionne le texte suivant (en gras) dans son intégralité :
Driver::
Dkr07.sys
Hpw64.sys
Tbi20.sys
Wel18.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c06f 4c-ba16-11dc-be88-00d0d08b6ede}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Boot"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkr07.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpw64.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbi20.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel18.sys]
File::
C:\WINDOWS\System32\drivers\Dkr07.sys
C:\WINDOWS\System32\drivers\Hpw64.sys
C:\WINDOWS\System32\drivers\Tbi20.sys
C:\WINDOWS\System32\drivers\Wel18.sys
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton Bureau)
* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
--> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis , joints y aussi le rapport Sreng préalablement demandé.
(Pour le rapport de ComboFix, si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt )
PS : Tu as des traces d'un" ver a support amovible", il faudra voir cela de plus prêt par la suite. https://www.broadcom.com/support/security-center
(Symantec a fabriqué un outils pour le supprimer)
@ suivre
Ne fait pas de suite la manip ComboFix que t'a donné Philae au poste 60 s'il te plaît.
Attends, elle va repasser tout a l'heure.
@ +
** Edit **
Philae83 ne pourra pas repasser avant ce soir, j'ai vu avec elle pour une petite modification du script, fait ce qui suit :
ComboFix avec CFScript :
* Sélectionne le texte suivant (en gras) dans son intégralité :
Driver::
Dkr07.sys
Hpw64.sys
Tbi20.sys
Wel18.sys
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c06f 4c-ba16-11dc-be88-00d0d08b6ede}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Boot"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkr07.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpw64.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbi20.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel18.sys]
File::
C:\WINDOWS\System32\drivers\Dkr07.sys
C:\WINDOWS\System32\drivers\Hpw64.sys
C:\WINDOWS\System32\drivers\Tbi20.sys
C:\WINDOWS\System32\drivers\Wel18.sys
* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe ( sur ton Bureau)
* Une fenêtre bleue va apparaître: au message qui apparaît Type 1 to continue, or 2 to abort , tape 1 puis valide.
* Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
--> Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis , joints y aussi le rapport Sreng préalablement demandé.
(Pour le rapport de ComboFix, si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt )
PS : Tu as des traces d'un" ver a support amovible", il faudra voir cela de plus prêt par la suite. https://www.broadcom.com/support/security-center
(Symantec a fabriqué un outils pour le supprimer)
@ suivre
Salut merci, voici les premiers rapports que j'ai sorti :
AntiVir PersonalEdition Classic</gras>
Report file date: mercredi 9 janvier 2008 20:37
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: quiros
Computer name: 111350930319
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 9 janvier 2008 20:37
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\qommnlk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47f23c29.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Dkr07.sys.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f73c2b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP643\A0088687.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '47b53eb9.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP643\A0088713.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '47b53ec0.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP643\A0088772.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '47b53ecf.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP644\A0104768.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47b63eeb.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP644\A0104779.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b63ef1.qua'!
Begin scan in 'D:\' <DATA>
End of the scan: jeudi 10 janvier 2008 00:24
Used time: 3:47:35 min
The scan has been done completely.
6335 Scanning directories
252071 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
252064 Files not concerned
7088 Archives were scanned
1 Warnings
1 Notes
ComboFix 08-01-07.5 - quiros 2008-01-10 15:09:46.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.238 [GMT 1:00]
Running from: J:\ComboFix.exe
Command switches used :: D:\Documents and Settings\quiros\Bureau\CFScript.txt
FILE
C:\WINDOWS\System32\drivers\Hpw64.sys
C:\WINDOWS\System32\drivers\Tbi20.sys []
C:\WINDOWS\System32\drivers\Wel18.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Avira
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d-------- C:\Program Files\Avira
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Modèles
2008-01-09 20:11 . 2007-12-28 16:12 <REP> dr---c--- D:\Documents and Settings\Administrateur\Mes documents
2008-01-09 20:11 . 2005-11-30 07:02 <REP> dr---c--- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-09 20:11 . 2005-11-29 23:07 <REP> dr---c--- D:\Documents and Settings\Administrateur\Favoris
2008-01-09 20:11 . 2005-11-24 13:30 <REP> dr---c--- D:\Documents and Settings\Administrateur\Bureau
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-09 20:11 . 2005-11-24 13:21 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-08 20:06 . 2008-01-08 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-01-08 19:56 . 2008-01-08 19:56 <REP> d-------- C:\Program Files\CCleaner
2008-01-08 19:40 . 2008-01-08 19:40 <REP> d----c--- C:\VundoFix Backups
2008-01-08 19:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 17:12 . 2008-01-07 17:12 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\ESET
2008-01-06 09:29 . 2008-01-06 09:29 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-04 11:32 . 2008-01-04 11:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 11:32 . 2008-01-04 11:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\quiros\Application Data\Skype
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Skype
2007-12-25 16:06 . 2007-12-26 13:15 73,216 -r-hs---- C:\WINDOWS\system32\regboot.exe
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-19 20:35 . 2007-12-19 20:35 <REP> d-------- C:\Program Files\directx
2007-12-19 20:29 . 2007-12-19 20:29 <REP> d-------- C:\Program Files\Nival Interactive
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 13:48 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2008-01-09 19:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 15:46 --------- d-----w C:\Program Files\eMule
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:23 --------- dc----w D:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_19.37.17.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-21 11:17 68856]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 07:21 5729136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-04-15 13:52 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 18:29 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"Registry Boot"="regboot.exe" [2007-12-26 13:15 73216 C:\WINDOWS\system32\regboot.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkr07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpw64.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbi20.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel18.sys]
@="Driver"
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Dkr07;Dkr07;C:\WINDOWS\System32\drivers\Dkr07.sys []
S3 Hpw64;Hpw64;C:\WINDOWS\System32\drivers\Hpw64.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 Tbi20;Tbi20;C:\WINDOWS\System32\drivers\Tbi20.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
S3 Wel18;Wel18;C:\WINDOWS\System32\drivers\Wel18.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c06f4c-ba16-11dc-be88-00d0d08b6ede}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-08 13:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-11-24 19:23:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 15:12:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 15:13:45
ComboFix-quarantined-files.txt 2008-01-10 14:13:15
ComboFix2.txt 2008-01-08 19:47:17
ComboFix3.txt 2008-01-08 19:24:26
ComboFix4.txt 2008-01-08 18:37:58
.
2007-12-12 02:03:01 --- E O F ---
[CODE]
2008-01-10,14:46:59
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<updateMgr><C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9> [N/A]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<ccleaner><"C:\Program Files\CCleaner\ccleaner.exe" /AUTO> [(Verified)Piriform Ltd]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATIPTA><"C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<CnxDslTaskBar><"C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"> [N/A]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<Sony Ericsson PC Suite><"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<Adobe Photo Downloader><"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"> [Adobe Systems Incorporated]
<Registry Boot><regboot.exe> []
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Personnalisation du navigateur><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Mise à jour du Bureau Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
<D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Stopped/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Stopped/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[AOL Connectivity Service / AOL ACS][Stopped/Auto Start]
<C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe><America Online, Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[avast! Antivirus / avast! Antivirus][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Network Proxy / ccProxy][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[CyberLink Background Capture Service (CBCS) / CLCapSvc][Stopped/Auto Start]
<"c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"><>
[CyberLink Task Scheduler (CTS) / CLSched][Stopped/Auto Start]
<"c:\APPS\Powercinema\Kernel\TV\CLSched.exe"><>
[CyberLink Media Library Service / CyberLink Media Library Service][Stopped/Auto Start]
<"C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"><Cyberlink>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Stopped/Auto Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Generic Service for HID Keyboard Input Collections / GenericHidService][Stopped/Auto Start]
<c:\APPS\HIDSERVICE\HIDSERVICE.exe><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IS Service / ISSVC][Stopped/Manual Start]
<"C:\Program Files\Norton Internet Security\ISSVC.exe"><N/A>
[MysqlInventime / MysqlInventime][Stopped/Manual Start]
<C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime><N/A>
[Service Norton AntiVirus Auto-Protect / navapsvc][Stopped/Auto Start]
<"C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[SAVScan / SAVScan][Stopped/Manual Start]
<"C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Ulead Burning Helper / UleadBurningHelper][Stopped/Auto Start]
<C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><>
==================================
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Pilote de filtre du bus AMD AGP / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[Pilote de processeur AMD / AmdK8][Stopped/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[avgio / avgio][Stopped/System Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Stopped/Manual Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Stopped/System Start]
<system32\DRIVERS\avipbb.sys><AVIRA GmbH>
[Cap713x Video Capture / Cap713x][Stopped/Manual Start]
<system32\DRIVERS\Cap713x.sys><ASUSTek>
[cd20xrnt / cd20xrnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ZTE ZXDSL852 Adapter Filter Driver / CnxEtP][Stopped/Manual Start]
<system32\DRIVERS\CnxEtP.sys><Conexant Systems, Inc.>
[ZTE ZXDSL852 Interface Device Driver / CnxEtU][Stopped/Manual Start]
<system32\DRIVERS\CnxEtU.sys><Conexant Systems, Inc.>
[ZTE ZXDSL852 WAN PPPoA Adapter Driver / CnxTgNW][Stopped/Manual Start]
<system32\DRIVERS\CnxTgNW.sys><Conexant Systems, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Dkr07 / Dkr07][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Dkr07.sys><N/A>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[eamon / eamon][Stopped/Auto Start]
<system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Stopped/System Start]
<system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Stopped/System Start]
<system32\DRIVERS\epfwtdir.sys><N/A>
[Hpw64 / Hpw64][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Hpw64.sys><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVENG / NAVENG][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20041020.038\NAVENG.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20041020.038\NAVEX15.SYS><Symantec Corporation>
[Palladia 300/400 Usb Adsl Modem / PALLADIA][Stopped/Manual Start]
<system32\DRIVERS\usbiad.sys><Centillium Communications, Inc.>
[Volume Adapter / pepifilter][Stopped/Manual Start]
<system32\DRIVERS\lv302af.sys><Labtec Inc.>
[Labtec WebCam Pro(PID_08A0) / PID_08A0][Stopped/Manual Start]
<system32\DRIVERS\LV302AV.SYS><Labtec Inc.>
[Pilote de liaison parallèle directe / Ptilink][Stopped/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Stopped/System Start]
<\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS><N/A>
[SAVRTPEL / SAVRTPEL][Stopped/Auto Start]
<\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Filtre de bus AGP SIS / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[DualCamera / SQTECH905C][Stopped/Manual Start]
<System32\Drivers\Capt905c.sys><Service & Quality Technology.>
[ssmdrv / ssmdrv][Stopped/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[SymEvent / SymEvent][Stopped/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><N/A>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Tbi20 / Tbi20][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Tbi20.sys><N/A>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Sony Ericsson W300 Driver driver (WDM) / w300bus][Stopped/Manual Start]
<system32\DRIVERS\w300bus.sys><MCCI>
[Sony Ericsson W300 USB WMC Modem Filter / w300mdfl][Stopped/Manual Start]
<system32\DRIVERS\w300mdfl.sys><MCCI>
[Sony Ericsson W300 USB WMC Modem Driver / w300mdm][Stopped/Manual Start]
<system32\DRIVERS\w300mdm.sys><MCCI>
[Sony Ericsson W300 USB WMC Device Management Drivers (WDM) / w300mgmt][Stopped/Manual Start]
<system32\DRIVERS\w300mgmt.sys><MCCI>
[Sony Ericsson W300 USB WMC OBEX Interface / w300obex][Stopped/Manual Start]
<system32\DRIVERS\w300obex.sys><MCCI>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><America Online, Inc.>
[Wel18 / Wel18][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Wel18.sys><N/A>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Ask Search Assistant BHO]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D} <C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL, Ask.com>
[CNisExtBho Class]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Java Plug-in 1.6.0_02]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton Internet Security]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Bibliothèque d'objets Microsoft Outlook 8.0]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Outlook]
{0006F03A-0000-0000-C000-000000000046} <, N/A>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Norton Internet Security]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Macromedia, Inc.>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[SOActiveX Class]
{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D} <C:\Program Files\OpenOffice.org1.1.2\program\so_activex.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SonicSelectorPlugin.Script]
{6DB52B5A-5CD4-4EAB-9C23-DD84D09E914E} <C:\APPS\ODP\SonicSelectorPlugin.ocx, On Demand Distribution>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Ask Search Assistant BHO]
{9CB65201-89C4-402C-BA80-02D8C59F9B1D} <C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL, Ask.com>
[CNisExtBho Class]
{9ECB9560-04F9-4BBC-943D-298DDF1699E1} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Computer, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[WebViewFolderIcon Class]
{E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
==================================
Running Processes
[PID: 124][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 172][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
[C:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 196][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
[C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3020 (xpsp.061023-0222)]
[C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[C:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xp
AntiVir PersonalEdition Classic</gras>
Report file date: mercredi 9 janvier 2008 20:37
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: quiros
Computer name: 111350930319
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 9 janvier 2008 20:37
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\system32\qommnlk.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47f23c29.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Dkr07.sys.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47f73c2b.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP643\A0088687.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '47b53eb9.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP643\A0088713.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '47b53ec0.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP643\A0088772.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '47b53ecf.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP644\A0104768.sys
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47b63eeb.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP644\A0104779.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b63ef1.qua'!
Begin scan in 'D:\' <DATA>
End of the scan: jeudi 10 janvier 2008 00:24
Used time: 3:47:35 min
The scan has been done completely.
6335 Scanning directories
252071 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
252064 Files not concerned
7088 Archives were scanned
1 Warnings
1 Notes
ComboFix 08-01-07.5 - quiros 2008-01-10 15:09:46.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.238 [GMT 1:00]
Running from: J:\ComboFix.exe
Command switches used :: D:\Documents and Settings\quiros\Bureau\CFScript.txt
FILE
C:\WINDOWS\System32\drivers\Hpw64.sys
C:\WINDOWS\System32\drivers\Tbi20.sys []
C:\WINDOWS\System32\drivers\Wel18.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Avira
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d-------- C:\Program Files\Avira
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Modèles
2008-01-09 20:11 . 2007-12-28 16:12 <REP> dr---c--- D:\Documents and Settings\Administrateur\Mes documents
2008-01-09 20:11 . 2005-11-30 07:02 <REP> dr---c--- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-09 20:11 . 2005-11-29 23:07 <REP> dr---c--- D:\Documents and Settings\Administrateur\Favoris
2008-01-09 20:11 . 2005-11-24 13:30 <REP> dr---c--- D:\Documents and Settings\Administrateur\Bureau
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-09 20:11 . 2005-11-24 13:21 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-08 20:06 . 2008-01-08 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-01-08 19:56 . 2008-01-08 19:56 <REP> d-------- C:\Program Files\CCleaner
2008-01-08 19:40 . 2008-01-08 19:40 <REP> d----c--- C:\VundoFix Backups
2008-01-08 19:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 17:12 . 2008-01-07 17:12 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\ESET
2008-01-06 09:29 . 2008-01-06 09:29 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-04 11:32 . 2008-01-04 11:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 11:32 . 2008-01-04 11:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\quiros\Application Data\Skype
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Skype
2007-12-25 16:06 . 2007-12-26 13:15 73,216 -r-hs---- C:\WINDOWS\system32\regboot.exe
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-19 20:35 . 2007-12-19 20:35 <REP> d-------- C:\Program Files\directx
2007-12-19 20:29 . 2007-12-19 20:29 <REP> d-------- C:\Program Files\Nival Interactive
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 13:48 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2008-01-09 19:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 15:46 --------- d-----w C:\Program Files\eMule
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:23 --------- dc----w D:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_19.37.17.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-21 11:17 68856]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 07:21 5729136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-04-15 13:52 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 18:29 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"Registry Boot"="regboot.exe" [2007-12-26 13:15 73216 C:\WINDOWS\system32\regboot.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkr07.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hpw64.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbi20.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel18.sys]
@="Driver"
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Dkr07;Dkr07;C:\WINDOWS\System32\drivers\Dkr07.sys []
S3 Hpw64;Hpw64;C:\WINDOWS\System32\drivers\Hpw64.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 Tbi20;Tbi20;C:\WINDOWS\System32\drivers\Tbi20.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
S3 Wel18;Wel18;C:\WINDOWS\System32\drivers\Wel18.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c06f4c-ba16-11dc-be88-00d0d08b6ede}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-08 13:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-11-24 19:23:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 15:12:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 15:13:45
ComboFix-quarantined-files.txt 2008-01-10 14:13:15
ComboFix2.txt 2008-01-08 19:47:17
ComboFix3.txt 2008-01-08 19:24:26
ComboFix4.txt 2008-01-08 18:37:58
.
2007-12-12 02:03:01 --- E O F ---
[CODE]
2008-01-10,14:46:59
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<updateMgr><C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9> [N/A]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<ccleaner><"C:\Program Files\CCleaner\ccleaner.exe" /AUTO> [(Verified)Piriform Ltd]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATIPTA><"C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<CnxDslTaskBar><"C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"> [N/A]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<Sony Ericsson PC Suite><"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<Adobe Photo Downloader><"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"> [Adobe Systems Incorporated]
<Registry Boot><regboot.exe> []
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Personnalisation du navigateur><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Mise à jour du Bureau Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
<D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Stopped/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Stopped/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[AOL Connectivity Service / AOL ACS][Stopped/Auto Start]
<C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe><America Online, Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[avast! Antivirus / avast! Antivirus][Stopped/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Network Proxy / ccProxy][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[CyberLink Background Capture Service (CBCS) / CLCapSvc][Stopped/Auto Start]
<"c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"><>
[CyberLink Task Scheduler (CTS) / CLSched][Stopped/Auto Start]
<"c:\APPS\Powercinema\Kernel\TV\CLSched.exe"><>
[CyberLink Media Library Service / CyberLink Media Library Service][Stopped/Auto Start]
<"C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"><Cyberlink>
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Stopped/Auto Start]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[Generic Service for HID Keyboard Input Collections / GenericHidService][Stopped/Auto Start]
<c:\APPS\HIDSERVICE\HIDSERVICE.exe><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IS Service / ISSVC][Stopped/Manual Start]
<"C:\Program Files\Norton Internet Security\ISSVC.exe"><N/A>
[MysqlInventime / MysqlInventime][Stopped/Manual Start]
<C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime><N/A>
[Service Norton AntiVirus Auto-Protect / navapsvc][Stopped/Auto Start]
<"C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[SAVScan / SAVScan][Stopped/Manual Start]
<"C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Ulead Burning Helper / UleadBurningHelper][Stopped/Auto Start]
<C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><>
==================================
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Pilote de filtre du bus AMD AGP / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[Pilote de processeur AMD / AmdK8][Stopped/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[avgio / avgio][Stopped/System Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Stopped/Manual Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Stopped/System Start]
<system32\DRIVERS\avipbb.sys><AVIRA GmbH>
[Cap713x Video Capture / Cap713x][Stopped/Manual Start]
<system32\DRIVERS\Cap713x.sys><ASUSTek>
[cd20xrnt / cd20xrnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ZTE ZXDSL852 Adapter Filter Driver / CnxEtP][Stopped/Manual Start]
<system32\DRIVERS\CnxEtP.sys><Conexant Systems, Inc.>
[ZTE ZXDSL852 Interface Device Driver / CnxEtU][Stopped/Manual Start]
<system32\DRIVERS\CnxEtU.sys><Conexant Systems, Inc.>
[ZTE ZXDSL852 WAN PPPoA Adapter Driver / CnxTgNW][Stopped/Manual Start]
<system32\DRIVERS\CnxTgNW.sys><Conexant Systems, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Dkr07 / Dkr07][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Dkr07.sys><N/A>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[eamon / eamon][Stopped/Auto Start]
<system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Stopped/System Start]
<system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Stopped/System Start]
<system32\DRIVERS\epfwtdir.sys><N/A>
[Hpw64 / Hpw64][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Hpw64.sys><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVENG / NAVENG][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20041020.038\NAVENG.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20041020.038\NAVEX15.SYS><Symantec Corporation>
[Palladia 300/400 Usb Adsl Modem / PALLADIA][Stopped/Manual Start]
<system32\DRIVERS\usbiad.sys><Centillium Communications, Inc.>
[Volume Adapter / pepifilter][Stopped/Manual Start]
<system32\DRIVERS\lv302af.sys><Labtec Inc.>
[Labtec WebCam Pro(PID_08A0) / PID_08A0][Stopped/Manual Start]
<system32\DRIVERS\LV302AV.SYS><Labtec Inc.>
[Pilote de liaison parallèle directe / Ptilink][Stopped/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Stopped/System Start]
<\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS><N/A>
[SAVRTPEL / SAVRTPEL][Stopped/Auto Start]
<\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Filtre de bus AGP SIS / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[DualCamera / SQTECH905C][Stopped/Manual Start]
<System32\Drivers\Capt905c.sys><Service & Quality Technology.>
[ssmdrv / ssmdrv][Stopped/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[SymEvent / SymEvent][Stopped/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><N/A>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Tbi20 / Tbi20][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Tbi20.sys><N/A>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Sony Ericsson W300 Driver driver (WDM) / w300bus][Stopped/Manual Start]
<system32\DRIVERS\w300bus.sys><MCCI>
[Sony Ericsson W300 USB WMC Modem Filter / w300mdfl][Stopped/Manual Start]
<system32\DRIVERS\w300mdfl.sys><MCCI>
[Sony Ericsson W300 USB WMC Modem Driver / w300mdm][Stopped/Manual Start]
<system32\DRIVERS\w300mdm.sys><MCCI>
[Sony Ericsson W300 USB WMC Device Management Drivers (WDM) / w300mgmt][Stopped/Manual Start]
<system32\DRIVERS\w300mgmt.sys><MCCI>
[Sony Ericsson W300 USB WMC OBEX Interface / w300obex][Stopped/Manual Start]
<system32\DRIVERS\w300obex.sys><MCCI>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><America Online, Inc.>
[Wel18 / Wel18][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\Wel18.sys><N/A>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Ask Search Assistant BHO]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D} <C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL, Ask.com>
[CNisExtBho Class]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Java Plug-in 1.6.0_02]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton Internet Security]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Bibliothèque d'objets Microsoft Outlook 8.0]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Outlook]
{0006F03A-0000-0000-C000-000000000046} <, N/A>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Norton Internet Security]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Macromedia, Inc.>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[]
{4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[SOActiveX Class]
{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D} <C:\Program Files\OpenOffice.org1.1.2\program\so_activex.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SonicSelectorPlugin.Script]
{6DB52B5A-5CD4-4EAB-9C23-DD84D09E914E} <C:\APPS\ODP\SonicSelectorPlugin.ocx, On Demand Distribution>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_02]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll, Sun Microsystems, Inc.>
[Ask Search Assistant BHO]
{9CB65201-89C4-402C-BA80-02D8C59F9B1D} <C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL, Ask.com>
[CNisExtBho Class]
{9ECB9560-04F9-4BBC-943D-298DDF1699E1} <C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Msxml]
{CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\system32\msxml3.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Computer, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[WebViewFolderIcon Class]
{E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
==================================
Running Processes
[PID: 124][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 172][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
[C:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 196][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
[C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
[C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
[C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
[C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LPK.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\USP10.dll] [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
[C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.3020 (xpsp.061023-0222)]
[C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[C:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xp
Re bonjour,
voici donc un nouveau rapport combo fix et un nouvel hijacthis, en espérant que l'on pourra avancé dans ce désastre.
En tout cas merci pour votre aide et votre patience.
Merci de me dire ce qu'il en résulte et la suite à appliquer.
A+
ComboFix 08-01-07.5 - quiros 2008-01-10 16:00:29.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.235 [GMT 1:00]
Running from: J:\ComboFix.exe
Command switches used :: D:\Documents and Settings\quiros\Bureau\CFScript.txt
FILE
C:\WINDOWS\System32\drivers\Dkr07.sys
C:\WINDOWS\System32\drivers\Hpw64.sys
C:\WINDOWS\System32\drivers\Tbi20.sys
C:\WINDOWS\System32\drivers\Wel18.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Avira
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d-------- C:\Program Files\Avira
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Modèles
2008-01-09 20:11 . 2007-12-28 16:12 <REP> dr---c--- D:\Documents and Settings\Administrateur\Mes documents
2008-01-09 20:11 . 2005-11-30 07:02 <REP> dr---c--- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-09 20:11 . 2005-11-29 23:07 <REP> dr---c--- D:\Documents and Settings\Administrateur\Favoris
2008-01-09 20:11 . 2005-11-24 13:30 <REP> dr---c--- D:\Documents and Settings\Administrateur\Bureau
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-09 20:11 . 2005-11-24 13:21 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-08 20:06 . 2008-01-08 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-01-08 19:56 . 2008-01-08 19:56 <REP> d-------- C:\Program Files\CCleaner
2008-01-08 19:40 . 2008-01-08 19:40 <REP> d----c--- C:\VundoFix Backups
2008-01-08 19:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 17:12 . 2008-01-07 17:12 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\ESET
2008-01-06 09:29 . 2008-01-06 09:29 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-04 11:32 . 2008-01-04 11:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 11:32 . 2008-01-04 11:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\quiros\Application Data\Skype
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Skype
2007-12-25 16:06 . 2007-12-26 13:15 73,216 -r-hs---- C:\WINDOWS\system32\regboot.exe
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-19 20:35 . 2007-12-19 20:35 <REP> d-------- C:\Program Files\directx
2007-12-19 20:29 . 2007-12-19 20:29 <REP> d-------- C:\Program Files\Nival Interactive
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:58 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2008-01-09 19:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 15:46 --------- d-----w C:\Program Files\eMule
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:23 --------- dc----w D:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_19.37.17.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\10-01-2008\ERDNT.EXE
+ 2008-01-10 14:29:50 5,472,256 ----a-w C:\WINDOWS\erdnt\10-01-2008\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-01-10 14:29:50 258,048 ----a-w C:\WINDOWS\erdnt\10-01-2008\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-21 11:17 68856]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 07:21 5729136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-04-15 13:52 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 18:29 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
D:\Documents and Settings\quiros\Menu D‚marrer\Programmes\D‚marrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Dkr07;Dkr07;C:\WINDOWS\System32\drivers\Dkr07.sys []
S3 Hpw64;Hpw64;C:\WINDOWS\System32\drivers\Hpw64.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 Tbi20;Tbi20;C:\WINDOWS\System32\drivers\Tbi20.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
S3 Wel18;Wel18;C:\WINDOWS\System32\drivers\Wel18.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c06f4c-ba16-11dc-be88-00d0d08b6ede}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-08 13:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-11-24 19:23:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 16:02:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 16:03:59
ComboFix-quarantined-files.txt 2008-01-10 15:03:29
ComboFix2.txt 2008-01-10 14:34:50
ComboFix3.txt 2008-01-10 14:13:46
ComboFix4.txt 2008-01-08 19:47:17
ComboFix5.txt 2008-01-08 19:24:26
.
2007-12-12 02:03:01 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:13, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
voici donc un nouveau rapport combo fix et un nouvel hijacthis, en espérant que l'on pourra avancé dans ce désastre.
En tout cas merci pour votre aide et votre patience.
Merci de me dire ce qu'il en résulte et la suite à appliquer.
A+
ComboFix 08-01-07.5 - quiros 2008-01-10 16:00:29.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.235 [GMT 1:00]
Running from: J:\ComboFix.exe
Command switches used :: D:\Documents and Settings\quiros\Bureau\CFScript.txt
FILE
C:\WINDOWS\System32\drivers\Dkr07.sys
C:\WINDOWS\System32\drivers\Hpw64.sys
C:\WINDOWS\System32\drivers\Tbi20.sys
C:\WINDOWS\System32\drivers\Wel18.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Avira
2008-01-09 20:19 . 2008-01-09 20:19 <REP> d-------- C:\Program Files\Avira
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-01-09 20:11 . 2004-08-16 18:55 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d--h-c--- D:\Documents and Settings\Administrateur\Modèles
2008-01-09 20:11 . 2007-12-28 16:12 <REP> dr---c--- D:\Documents and Settings\Administrateur\Mes documents
2008-01-09 20:11 . 2005-11-30 07:02 <REP> dr---c--- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-01-09 20:11 . 2005-11-29 23:07 <REP> dr---c--- D:\Documents and Settings\Administrateur\Favoris
2008-01-09 20:11 . 2005-11-24 13:30 <REP> dr---c--- D:\Documents and Settings\Administrateur\Bureau
2008-01-09 20:11 . 2005-11-30 07:02 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-01-09 20:11 . 2005-11-24 13:21 <REP> d----c--- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-01-08 20:06 . 2008-01-08 20:06 <REP> d-------- C:\Program Files\Trend Micro
2008-01-08 19:56 . 2008-01-08 19:56 <REP> d-------- C:\Program Files\CCleaner
2008-01-08 19:40 . 2008-01-08 19:40 <REP> d----c--- C:\VundoFix Backups
2008-01-08 19:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 17:12 . 2008-01-07 17:12 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\ESET
2008-01-06 09:29 . 2008-01-06 09:29 <REP> d----c--- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-04 11:32 . 2008-01-04 11:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-04 11:32 . 2008-01-04 11:32 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\quiros\Application Data\Skype
2007-12-28 16:14 . 2007-12-28 16:14 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Skype
2007-12-25 16:06 . 2007-12-26 13:15 73,216 -r-hs---- C:\WINDOWS\system32\regboot.exe
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-19 20:35 . 2007-12-19 20:35 <REP> d-------- C:\Program Files\directx
2007-12-19 20:29 . 2007-12-19 20:29 <REP> d-------- C:\Program Files\Nival Interactive
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:58 --------- d-----w C:\Program Files\OpenOffice.org1.1.2
2008-01-09 19:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 15:46 --------- d-----w C:\Program Files\eMule
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:23 --------- dc----w D:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-08_19.37.17.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\10-01-2008\ERDNT.EXE
+ 2008-01-10 14:29:50 5,472,256 ----a-w C:\WINDOWS\erdnt\10-01-2008\Users\[u]0[/u]0000001\ntuser.dat
+ 2008-01-10 14:29:50 258,048 ----a-w C:\WINDOWS\erdnt\10-01-2008\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-21 11:17 68856]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-06-01 07:21 5729136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-05-20 18:32 278528]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-04-15 13:52 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 18:29 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
D:\Documents and Settings\quiros\Menu D‚marrer\Programmes\D‚marrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 21:19]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 18:27]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 18:27]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 18:28]
S3 Dkr07;Dkr07;C:\WINDOWS\System32\drivers\Dkr07.sys []
S3 Hpw64;Hpw64;C:\WINDOWS\System32\drivers\Hpw64.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 02:52]
S3 Tbi20;Tbi20;C:\WINDOWS\System32\drivers\Tbi20.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
S3 Wel18;Wel18;C:\WINDOWS\System32\drivers\Wel18.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c06f4c-ba16-11dc-be88-00d0d08b6ede}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-08 13:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-11-24 19:23:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 16:02:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 16:03:59
ComboFix-quarantined-files.txt 2008-01-10 15:03:29
ComboFix2.txt 2008-01-10 14:34:50
ComboFix3.txt 2008-01-10 14:13:46
ComboFix4.txt 2008-01-08 19:47:17
ComboFix5.txt 2008-01-08 19:24:26
.
2007-12-12 02:03:01 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:13, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
bonsoir,
beaucoup de choses ne sont encore pas bonnes sur ce pc. Je me demande comment la personne a pu être infecté de la sorte.
désolée pour hier et le script, mais dans mon empressement à t'en remettre un qui pouvait fonctionner, j'ai fait une petite erreur :) d'où justement l'intérêt d'installer ERUNT comme je te l'avais expliqué.
il me faut du temps pour tout revoir, et j'ai aussi des topics en cours, je me retrouve avec le tien en + ce n'était pas prévu. dès que je peux je regarde correctement tous tes rapports pour voir la suite à donner, mais dan sl'immédiat, je ne peux pas.
j'espère que tu comprendras. Je n'étais passée à la base que pour seconder jalobservateur.
beaucoup de choses ne sont encore pas bonnes sur ce pc. Je me demande comment la personne a pu être infecté de la sorte.
désolée pour hier et le script, mais dans mon empressement à t'en remettre un qui pouvait fonctionner, j'ai fait une petite erreur :) d'où justement l'intérêt d'installer ERUNT comme je te l'avais expliqué.
il me faut du temps pour tout revoir, et j'ai aussi des topics en cours, je me retrouve avec le tien en + ce n'était pas prévu. dès que je peux je regarde correctement tous tes rapports pour voir la suite à donner, mais dan sl'immédiat, je ne peux pas.
j'espère que tu comprendras. Je n'étais passée à la base que pour seconder jalobservateur.
Bonsoir je te remercie, j'espère que tu pourras le faire quand même assez vite, car l'ordi ne réagit pas du tout.
Penses tu qu'il serait préférable de l'amener chez un réparateur? penses tu qu'on puisse faire quelque chose?. Je ne sais pas non plus comment elle a chopé tout ça, mais elle est très inquiète. L'ordi n'a qu'un an et demi, elle a du faire un crédit pour l'acheter, alors imagine son état d'esprit.
Enfin je te remercie encore pour elle, j'attends de tes nouvelles.
Penses tu qu'il serait préférable de l'amener chez un réparateur? penses tu qu'on puisse faire quelque chose?. Je ne sais pas non plus comment elle a chopé tout ça, mais elle est très inquiète. L'ordi n'a qu'un an et demi, elle a du faire un crédit pour l'acheter, alors imagine son état d'esprit.
Enfin je te remercie encore pour elle, j'attends de tes nouvelles.
--
S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
Bonsoir Chryisi54.
J'ai vraiment de la difficulté à me libérer.
Mais lis attentivement ce que je t'écris.
Il est hautement probable que la machine veule mourrir !
La cause première maintenant que Combo a travaillé et que 'Finalement' Antivir a été en mesure de capter les 7 récalcitrants est à mon avis ceci .
Les Anti-virus à profusion sur cette machine doivent 'ABSOLUMRNT' partir Sauf Antivir bien-sûr !
Voici des outils pour les supprimer +/- efficacement
1 Pour Norton : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl=
2: Pour Avast : https://www.avast.com/fr-fr/uninstall-utility
3: pour Nod32: https://www.eset.com/
Et je me suis surement mal expliqué moi aussi dans mon empressement :
Sauf les 2 lignes ici : Dont je te disais de garder un exemplaire de chacune :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
--------------------------------------------------------------------------------------------------------------------------------------------------------
Toutes les suivantes, tu les coches et tu les fixes.
Soit celles-ci si plusieurs sont encore présentes.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
------------------------------------------------------------------------------------------ ----------------------
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
------------------------------------------------------------------------------------------ ---------------
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
--------------------
O4 - HKLM\..\Run: [Registry Boot] regboot.exe
----------------------------------------------
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
------------------------------------------------------------------------------------------ -------------------------
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
---------------------------------------------
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
--------------------------------------------------------------------
NB: si présentes ??? Pas sensé si tu as supprimé Nod32.
Si processus ? = arrêt. Si service = Désactiver.
Et coches ensuite :
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
----------------------------
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
========================================================================================== =====================
Passes Spybot complet
Pour la suite ,je ne sais pas si je pourrai revenir dans un délai que tu juges raisonable. ?
Mais souviens-toi et recules sur les messages, puis relis quand je t'ai indiqué de ne rien promettre.
Ton log Klingon ,personne à qui j'ai demandé n'en n'ont déjà vu un semblable.
D'ou no promesses !
Jal
S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
Bonsoir Chryisi54.
J'ai vraiment de la difficulté à me libérer.
Mais lis attentivement ce que je t'écris.
Il est hautement probable que la machine veule mourrir !
La cause première maintenant que Combo a travaillé et que 'Finalement' Antivir a été en mesure de capter les 7 récalcitrants est à mon avis ceci .
Les Anti-virus à profusion sur cette machine doivent 'ABSOLUMRNT' partir Sauf Antivir bien-sûr !
Voici des outils pour les supprimer +/- efficacement
1 Pour Norton : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924?Open&src=&docid=20040413131641928&nsf=SUPPORT%5CINTER%5Cnisintl.nsf&view=833aab0c51f1b15a88256da6006a0505&dtype=&prod=&ver=&osv=&osv_lvl=
2: Pour Avast : https://www.avast.com/fr-fr/uninstall-utility
3: pour Nod32: https://www.eset.com/
Et je me suis surement mal expliqué moi aussi dans mon empressement :
Sauf les 2 lignes ici : Dont je te disais de garder un exemplaire de chacune :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
--------------------------------------------------------------------------------------------------------------------------------------------------------
Toutes les suivantes, tu les coches et tu les fixes.
Soit celles-ci si plusieurs sont encore présentes.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
------------------------------------------------------------------------------------------ ----------------------
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
------------------------------------------------------------------------------------------ ---------------
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
--------------------
O4 - HKLM\..\Run: [Registry Boot] regboot.exe
----------------------------------------------
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
------------------------------------------------------------------------------------------ -------------------------
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
---------------------------------------------
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
--------------------------------------------------------------------
NB: si présentes ??? Pas sensé si tu as supprimé Nod32.
Si processus ? = arrêt. Si service = Désactiver.
Et coches ensuite :
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
----------------------------
O23 - Service: IS Service (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
========================================================================================== =====================
Passes Spybot complet
Pour la suite ,je ne sais pas si je pourrai revenir dans un délai que tu juges raisonable. ?
Mais souviens-toi et recules sur les messages, puis relis quand je t'ai indiqué de ne rien promettre.
Ton log Klingon ,personne à qui j'ai demandé n'en n'ont déjà vu un semblable.
D'ou no promesses !
Jal
re bonsoir
hello jal
pour ce pc qui est dans un sale état tu le sais, ce que te dis jalobservateur reste vrai ce sera à faire.
J'ai discuté de ton "cas" qui n'est pas terrible évidemment.
il faudrait ré essayer ceci :
(il est bien évident qu'il y a tjs un risque de plantage, vu l'état du pc) à vous de voir
Sélectionne le texte suivant :
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
hello jal
pour ce pc qui est dans un sale état tu le sais, ce que te dis jalobservateur reste vrai ce sera à faire.
J'ai discuté de ton "cas" qui n'est pas terrible évidemment.
il faudrait ré essayer ceci :
(il est bien évident qu'il y a tjs un risque de plantage, vu l'état du pc) à vous de voir
Sélectionne le texte suivant :
Driver:: Dkr07 epfwtdir Hpw64 Wel18 Tbi20 File:: C:\Windows\system32\Drivers\Dkr07.sys C:\Windows\system32\Drivers\epfwtdir.sys C:\Windows\system32\Drivers\Hpw64.sys C:\Windows\system32\Drivers\Wel18.sys C:\Windows\system32\Drivers\Tbi20.sys
# Copie le texte sélectionné (CTRL+C).
# Ouvre le bloc-note (programme>Accessoire>bloc-note).
# Colle le texte copié dans ce bloc-note (CTRL+V).
# Sauvegarde ce fichier sous le nom de CFScript.txt
# Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
# Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
# Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
# Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
# Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Salut JAL
Merci pour ta réponse, tu dis :
""Les Anti-virus à profusion sur cette machine doivent 'ABSOLUMRNT' partir Sauf Antivir bien-sûr !
Voici des outils pour les supprimer +/- efficacement
1 Pour Norton : http://service1.symantec.com/
2: Pour Avast : https://www.avast.com/fr-fr/uninstall-utility
3: pour Nod32: https://www.eset.com/ ""
Mais comment je peux faire puisque je n'ai pas accès à INTERNET?????
Les adresses que tu me donnes sont des adresses du net, alors comment dois-je faire??
de plus j'ai eu un message personnel de PHILAE83, qui ne me rassure en rien , alors je ne sais plus!!!
je vais faire ce que tu me dis (au moins fixer les lignes puisque ça je ne l'ai pas fait encore), plusieurs personnes snt intervenuent sur la discution et il y a eu des divergences, alors moi, je ne sais plus!!!
Merci de m'éclairer sur :
1 Pour Norton : http://service1.symantec.com/
2: Pour Avast : https://www.avast.com/fr-fr/uninstall-utility
3: pour Nod32: https://www.eset.com/ ""
je peux les supprimer sans INTERNET???????????????
A + J'espère
Merci pour ta réponse, tu dis :
""Les Anti-virus à profusion sur cette machine doivent 'ABSOLUMRNT' partir Sauf Antivir bien-sûr !
Voici des outils pour les supprimer +/- efficacement
1 Pour Norton : http://service1.symantec.com/
2: Pour Avast : https://www.avast.com/fr-fr/uninstall-utility
3: pour Nod32: https://www.eset.com/ ""
Mais comment je peux faire puisque je n'ai pas accès à INTERNET?????
Les adresses que tu me donnes sont des adresses du net, alors comment dois-je faire??
de plus j'ai eu un message personnel de PHILAE83, qui ne me rassure en rien , alors je ne sais plus!!!
je vais faire ce que tu me dis (au moins fixer les lignes puisque ça je ne l'ai pas fait encore), plusieurs personnes snt intervenuent sur la discution et il y a eu des divergences, alors moi, je ne sais plus!!!
Merci de m'éclairer sur :
1 Pour Norton : http://service1.symantec.com/
2: Pour Avast : https://www.avast.com/fr-fr/uninstall-utility
3: pour Nod32: https://www.eset.com/ ""
je peux les supprimer sans INTERNET???????????????
A + J'espère
Toujours pour JAL,
de plus maintenant je suis inquiète pour mon PC, car j'ai tout passé par clé USB du miens au sien et du sien au miens, alors j'espère que je ne me suis pas infecté également.
Qu'en penses tu? Faut-il que je poste un Hijacktis pour voir?
Merci de me répondre si tu as 5mnts de disponible, je sais que vous avez du "BOULOT" en pagaille, alors merci d'avance si tu peux me répondre.
Cordialement
Chrysi64
de plus maintenant je suis inquiète pour mon PC, car j'ai tout passé par clé USB du miens au sien et du sien au miens, alors j'espère que je ne me suis pas infecté également.
Qu'en penses tu? Faut-il que je poste un Hijacktis pour voir?
Merci de me répondre si tu as 5mnts de disponible, je sais que vous avez du "BOULOT" en pagaille, alors merci d'avance si tu peux me répondre.
Cordialement
Chrysi64
--
S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
Mais de la même façon que tous les autre logiciel de désinfection que je t'ai indiqué :
SUR TA USB .
Ils sont téléchargeables et logeables sans aucun problème !
Tu peut les exécuter en MSechec comme tous les autres.
Et bien sur comme te le disais Philae : Firefox en dernier si tu tentes de te connecter. Il est évident qu,en sams echec il est très inutile.
Le RUSH c'est BYE BYE les Anti-virus.
S"V"P. ((Veuillez lire attentivement les recommandations.))
((Cela évite de répéter)). (Firefox) = ((Navigations + Sécuritaires!!!)) (GMT-5h: Québec, CA)
Mais de la même façon que tous les autre logiciel de désinfection que je t'ai indiqué :
SUR TA USB .
Ils sont téléchargeables et logeables sans aucun problème !
Tu peut les exécuter en MSechec comme tous les autres.
Et bien sur comme te le disais Philae : Firefox en dernier si tu tentes de te connecter. Il est évident qu,en sams echec il est très inutile.
Le RUSH c'est BYE BYE les Anti-virus.
bonne soirée