Multi infections
Sura
-
sura -
sura -
Bonjour,
Mon ordinateur est infecté. les symptômes sont les suivants :
- processus "windows" prenant 100% UC apparaissant de temps à autres
- internet lent, impossibilté d'ouvrir un dossier sur le bureau
- popup permanents
- ancien problème : winologon.exe = 100% uc, mais n'apparaît plus depuis un moment
- spybot releve en permanence des infections virtuamonde
Voici le rapport hijacthis
Logfile of HijackThis v1.99.1
Scan saved at 17:48:20, on 26/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=H:\WINDOWS\System32\ddabc.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a0cbf2bf] rundll32.exe "H:\WINDOWS\System32\wxekfele.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Holdem Genius Auto Attacher.lnk = H:\Program Files\Holdem Genius\HG_Watcher.exe
O4 - Global Startup: B4Playing Smart Tool.lnk = H:\Program Files\B4Playing\B4PlayingSmartTool\B4PClient.exe
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\WINDOWS\System32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
Devoir formater me pose beaucoup de problème pour sauvegarder mes données, et je vous serai très reconnaissant si vous parveniez à m'éviter ca.
Je suis à votre entière disposition dans le cas ou vous voudriez bien me répondre.
Sura
Mon ordinateur est infecté. les symptômes sont les suivants :
- processus "windows" prenant 100% UC apparaissant de temps à autres
- internet lent, impossibilté d'ouvrir un dossier sur le bureau
- popup permanents
- ancien problème : winologon.exe = 100% uc, mais n'apparaît plus depuis un moment
- spybot releve en permanence des infections virtuamonde
Voici le rapport hijacthis
Logfile of HijackThis v1.99.1
Scan saved at 17:48:20, on 26/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
H:\Program Files\Google\Google Updater\GoogleUpdater.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
H:\Program Files\MSN Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=H:\WINDOWS\System32\ddabc.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a0cbf2bf] rundll32.exe "H:\WINDOWS\System32\wxekfele.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Holdem Genius Auto Attacher.lnk = H:\Program Files\Holdem Genius\HG_Watcher.exe
O4 - Global Startup: B4Playing Smart Tool.lnk = H:\Program Files\B4Playing\B4PlayingSmartTool\B4PClient.exe
O4 - Global Startup: Google Updater.lnk = H:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - H:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - H:\WINDOWS\System32\windows
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
Devoir formater me pose beaucoup de problème pour sauvegarder mes données, et je vous serai très reconnaissant si vous parveniez à m'éviter ca.
Je suis à votre entière disposition dans le cas ou vous voudriez bien me répondre.
Sura
A voir également:
- Multi infections
- Sfr multi - Accueil - Opérateurs & Forfaits
- Youtube multi downloader - Télécharger - Conversion & Codecs
- Multi boot windows - Guide
- Multi timer - Télécharger - Bureautique
- Multi exp pokemon diamant - Forum Jeux vidéo
27 réponses
Même en affichant ceci?
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Coche « afficher les fichiers et dossiers cachés »
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.
Et appliquer !
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Coche « afficher les fichiers et dossiers cachés »
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.
Et appliquer !
ah d'accord, il était protégé par le système, voila le rapport
Scanner results
Scan taken on 01 Feb 2008 12:11:03 (GMT)
A-Squared Found Adware.Win32.CommAd.a
AntiVir Found ADSPY/CommAd.A
ArcaVir Found Trojan.Delf.Hp
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found Generic.GMD
BitDefender Found Adware.CommAd.A
ClamAV Found Adware.CommAd-2
CPsecure Found Malware.W32.CommAd.A
Dr.Web Found Trojan.Proxy.493
F-Prot Antivirus Found W32/Backdoor.AJHB
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.CommAd.a (4, 1, 400)
Fortinet Found Adware/Isearch
Ikarus Found Trojan-Downloader.Win32.Banload.F
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.CommAd.a
NOD32 Found Win32/Adware.CommAd application
Norman Virus Control Found W32/CommAd.B
Panda Antivirus Found nothing
Rising Antivirus Found Backdoor.BlackHole.ax
Sophos Antivirus Found nothing
VirusBuster Found Adware.CommAd.A
VBA32 Found AdWare.Win32.CommAd.a
Scanner results
Scan taken on 01 Feb 2008 12:11:03 (GMT)
A-Squared Found Adware.Win32.CommAd.a
AntiVir Found ADSPY/CommAd.A
ArcaVir Found Trojan.Delf.Hp
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found Generic.GMD
BitDefender Found Adware.CommAd.A
ClamAV Found Adware.CommAd-2
CPsecure Found Malware.W32.CommAd.A
Dr.Web Found Trojan.Proxy.493
F-Prot Antivirus Found W32/Backdoor.AJHB
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.CommAd.a (4, 1, 400)
Fortinet Found Adware/Isearch
Ikarus Found Trojan-Downloader.Win32.Banload.F
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.CommAd.a
NOD32 Found Win32/Adware.CommAd application
Norman Virus Control Found W32/CommAd.B
Panda Antivirus Found nothing
Rising Antivirus Found Backdoor.BlackHole.ax
Sophos Antivirus Found nothing
VirusBuster Found Adware.CommAd.A
VBA32 Found AdWare.Win32.CommAd.a
Re
Supprime ceci:
H:\WINDOWS\system32\sys32time.dll
H:\WINDOWS\c3VyYQ
H:\WINDOWS\System32\oljpwrfv.dll
H:\Program Files\kernel
H:\WINDOWS\System32\ddabc.exe
H:\Program Files\?asks
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
A+
Supprime ceci:
H:\WINDOWS\system32\sys32time.dll
H:\WINDOWS\c3VyYQ
H:\WINDOWS\System32\oljpwrfv.dll
H:\Program Files\kernel
H:\WINDOWS\System32\ddabc.exe
H:\Program Files\?asks
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
A+
Excepté c3vyYQ qui est supprimé, il m'est impossible de trouver aucun des fichiers que tu me demande de supprimer
J'ai bien affichage des dossiers caché + non masquage des applications windows
J'ai bien affichage des dossiers caché + non masquage des applications windows
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ComboFix 08-01-23.1C - Propri‚taire 2008-02-02 23:24:54.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.458 [GMT 2:00]
Endroit: H:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-30 07:24 . 2008-01-30 07:24 <REP> d-------- H:\Program Files\Avira
2008-01-29 22:27 . 2008-01-29 22:27 230,454 --a------ H:\WINDOWS\GOM_Wallpaper.bmp
2008-01-29 01:51 . 2008-01-31 01:58 <REP> d-------- H:\VundoFix Backups
2008-01-27 01:02 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\Nircmd.exe
2008-01-26 17:23 . 2003-12-12 16:06 1,693,696 --a------ H:\WINDOWS\system32\ltclr13n.dll
2008-01-26 17:23 . 2003-11-04 15:11 155,648 --a------ H:\WINDOWS\system32\lftif13n.dll
2008-01-26 17:23 . 2003-11-04 15:10 98,304 --a------ H:\WINDOWS\system32\lffax13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 462,848 --a------ H:\WINDOWS\system32\ltkrn13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 450,560 --a------ H:\WINDOWS\system32\ltimg13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 401,408 --a------ H:\WINDOWS\system32\lfcmp13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 299,008 --a------ H:\WINDOWS\system32\ltdis13n.dll
2008-01-26 17:18 . 2004-01-12 02:09 206,336 --a------ H:\WINDOWS\system32\ltefx13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 163,840 --a------ H:\WINDOWS\system32\ltfil13n.dll
2008-01-26 17:18 . 2003-11-04 15:10 69,632 --a------ H:\WINDOWS\system32\lfgif13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 57,344 --a------ H:\WINDOWS\system32\lfbmp13n.dll
2008-01-26 15:58 . 2008-01-26 15:58 <REP> d-------- H:\WINDOWS\AU_Temp
2008-01-26 15:09 . 2008-01-26 15:09 <REP> d-------- H:\WINDOWS\report
2008-01-26 15:09 . 2008-01-26 15:29 <REP> d-------- H:\WINDOWS\AU_Backup
2008-01-26 15:09 . 2008-01-26 15:09 1,916,766 --a------ H:\WINDOWS\tsc.ptn
2008-01-26 15:09 . 2008-01-26 15:58 1,163,344 --a------ H:\WINDOWS\vsapi32.dll
2008-01-26 15:09 . 2008-01-26 15:09 267,845 --a------ H:\WINDOWS\tsc.exe
2008-01-26 15:09 . 2008-01-26 15:58 86,094 --a------ H:\WINDOWS\BPMNT.dll
2008-01-26 15:09 . 2008-01-26 15:09 71,749 --a------ H:\WINDOWS\hcextoutput.dll
2008-01-26 15:09 . 2008-01-26 15:58 823 --a------ H:\WINDOWS\tsc.ini
2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\VPTNFILE.963
2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\LPT$VPN.963
2008-01-26 15:06 . 2008-01-26 15:06 <REP> d-------- H:\WINDOWS\AU_Log
2008-01-26 15:06 . 2008-01-26 15:06 507,904 --a------ H:\WINDOWS\TMUPDATE.DLL
2008-01-26 15:06 . 2008-01-26 15:06 286,720 --a------ H:\WINDOWS\PATCH.EXE
2008-01-26 15:06 . 2008-01-26 15:06 69,689 --a------ H:\WINDOWS\UNZIP.DLL
2008-01-26 15:06 . 2008-01-26 15:58 170 --a------ H:\WINDOWS\GetServer.ini
2008-01-26 03:17 . 2008-01-26 03:18 <REP> d-------- H:\Program Files\TexasCalculatem
2008-01-26 03:12 . 2008-01-26 03:15 <REP> d-------- H:\Program Files\Holdem Genius
2008-01-26 03:08 . 2008-01-26 03:08 <REP> d-------- H:\Program Files\B4Playing
2008-01-23 15:08 . 2008-01-23 15:08 <REP> d-------- H:\Poker
2008-01-22 14:38 . 2008-01-22 14:38 <REP> d-------- H:\WINDOWS\Sun
2008-01-22 14:37 . 2008-01-22 14:37 <REP> d-------- H:\Program Files\Java
2008-01-22 14:37 . 2007-09-24 23:31 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl
2008-01-22 14:36 . 2008-01-22 14:36 <REP> d-------- H:\Program Files\Fichiers communs\Java
2008-01-20 22:00 . 2008-01-20 22:00 <REP> d-------- H:\Program Files\aMSN
2008-01-16 16:47 . 2008-01-16 16:47 <REP> d-------- H:\Program Files\PokerAce Hud
2008-01-08 18:44 . 2008-01-26 14:46 1,938 --a------ H:\WINDOWS\wininit.ini
2008-01-04 21:52 . 2008-02-02 23:25 69 --a------ H:\WINDOWS\NeroDigital.ini
2008-01-04 21:35 . 2008-01-04 21:35 <REP> d-------- H:\Program Files\Nero
2008-01-04 21:35 . 2008-01-04 21:37 <REP> d-------- H:\Program Files\Fichiers communs\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 18:58 --------- d-----w H:\Program Files\bwin
2008-01-26 23:08 --------- d-----w H:\Program Files\MSN Messenger
2008-01-20 12:48 --------- d-----w H:\Program Files\IGZones
2007-12-31 16:51 43,520 ----a-w H:\WINDOWS\system32\CmdLineExt03.dll
2007-12-13 17:09 972,072 ----a-w H:\WINDOWS\UNNeroMediaHome.exe
2007-12-03 16:04 95,600 ----a-w H:\WINDOWS\system32\NeroCo.dll
.
[code]<pre>
----a-w 2,321,600 2008-01-08 15:44:52 H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater .exe
----a-w 68,856 2008-01-15 10:54:08 H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot_2008-01-31_ 2.08.22,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 12:29:01 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-02-01 16:12:50 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-01-27 12:29:01 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-02-01 16:12:50 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-01-27 12:29:01 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-02-01 16:12:50 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-01-27 12:29:01 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-02-01 16:12:50 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-01-27 12:29:01 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-02-01 16:12:50 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-01-27 12:29:01 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-02-01 16:12:50 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-01-27 12:29:01 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-02-01 16:12:50 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-01-27 12:29:01 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-01 16:12:50 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-01-27 12:29:01 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-02-01 16:12:50 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-01-27 12:29:01 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-02-01 16:12:50 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-01-27 12:29:01 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-02-01 16:12:50 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-01-27 12:29:01 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-01 16:12:49 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-01-27 12:29:01 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-02-01 16:12:49 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-02-02 10:58:13 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-02-02 10:58:13 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-30 11:35:29 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-02 10:58:13 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-31 00:07:07 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-02-02 21:24:51 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [2006-07-12 06:19 7626752]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 15:42 249896]
H:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Holdem Genius Auto Attacher.lnk - H:\Program Files\Holdem Genius\HG_Watcher.exe [2008-01-26 03:12:18 1286144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0cbf2bf]
H:\WINDOWS\System32\oljpwrfv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 10:43 69632 H:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
H:\Program Files\kernel\kernel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
H:\WINDOWS\System32\ddabc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mvrzptni]
H:\Program Files\?asks\??oolsv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-12 06:19 7626752 H:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-07-12 06:19 86016 H:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-12 06:19 1519616 H:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-01 08:48 16208384 H:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
H:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 10:04 2879488 H:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tacc]
H:\DOCUME~1\PROPRI~1\MESDOC~1\ICROSO~1.NET\winlogon.exe
R0 avgntmgr;avgntmgr;H:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;H:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S3 MSControlService;Microsoft cache control;H:\WINDOWS\System32\windows []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 23:26:22
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-02 23:26:55
ComboFix-quarantined-files.txt 2008-02-02 21:26:53
ComboFix2.txt 2008-01-31 00:08:52
ComboFix3.txt 2008-01-26 23:15:47
Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.458 [GMT 2:00]
Endroit: H:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-30 07:24 . 2008-01-30 07:24 <REP> d-------- H:\Program Files\Avira
2008-01-29 22:27 . 2008-01-29 22:27 230,454 --a------ H:\WINDOWS\GOM_Wallpaper.bmp
2008-01-29 01:51 . 2008-01-31 01:58 <REP> d-------- H:\VundoFix Backups
2008-01-27 01:02 . 2000-08-31 08:00 51,200 --a------ H:\WINDOWS\Nircmd.exe
2008-01-26 17:23 . 2003-12-12 16:06 1,693,696 --a------ H:\WINDOWS\system32\ltclr13n.dll
2008-01-26 17:23 . 2003-11-04 15:11 155,648 --a------ H:\WINDOWS\system32\lftif13n.dll
2008-01-26 17:23 . 2003-11-04 15:10 98,304 --a------ H:\WINDOWS\system32\lffax13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 462,848 --a------ H:\WINDOWS\system32\ltkrn13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 450,560 --a------ H:\WINDOWS\system32\ltimg13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 401,408 --a------ H:\WINDOWS\system32\lfcmp13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 299,008 --a------ H:\WINDOWS\system32\ltdis13n.dll
2008-01-26 17:18 . 2004-01-12 02:09 206,336 --a------ H:\WINDOWS\system32\ltefx13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 163,840 --a------ H:\WINDOWS\system32\ltfil13n.dll
2008-01-26 17:18 . 2003-11-04 15:10 69,632 --a------ H:\WINDOWS\system32\lfgif13n.dll
2008-01-26 17:18 . 2004-05-14 16:53 57,344 --a------ H:\WINDOWS\system32\lfbmp13n.dll
2008-01-26 15:58 . 2008-01-26 15:58 <REP> d-------- H:\WINDOWS\AU_Temp
2008-01-26 15:09 . 2008-01-26 15:09 <REP> d-------- H:\WINDOWS\report
2008-01-26 15:09 . 2008-01-26 15:29 <REP> d-------- H:\WINDOWS\AU_Backup
2008-01-26 15:09 . 2008-01-26 15:09 1,916,766 --a------ H:\WINDOWS\tsc.ptn
2008-01-26 15:09 . 2008-01-26 15:58 1,163,344 --a------ H:\WINDOWS\vsapi32.dll
2008-01-26 15:09 . 2008-01-26 15:09 267,845 --a------ H:\WINDOWS\tsc.exe
2008-01-26 15:09 . 2008-01-26 15:58 86,094 --a------ H:\WINDOWS\BPMNT.dll
2008-01-26 15:09 . 2008-01-26 15:09 71,749 --a------ H:\WINDOWS\hcextoutput.dll
2008-01-26 15:09 . 2008-01-26 15:58 823 --a------ H:\WINDOWS\tsc.ini
2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\VPTNFILE.963
2008-01-26 15:08 . 2008-01-26 15:09 35,262,033 --a------ H:\WINDOWS\LPT$VPN.963
2008-01-26 15:06 . 2008-01-26 15:06 <REP> d-------- H:\WINDOWS\AU_Log
2008-01-26 15:06 . 2008-01-26 15:06 507,904 --a------ H:\WINDOWS\TMUPDATE.DLL
2008-01-26 15:06 . 2008-01-26 15:06 286,720 --a------ H:\WINDOWS\PATCH.EXE
2008-01-26 15:06 . 2008-01-26 15:06 69,689 --a------ H:\WINDOWS\UNZIP.DLL
2008-01-26 15:06 . 2008-01-26 15:58 170 --a------ H:\WINDOWS\GetServer.ini
2008-01-26 03:17 . 2008-01-26 03:18 <REP> d-------- H:\Program Files\TexasCalculatem
2008-01-26 03:12 . 2008-01-26 03:15 <REP> d-------- H:\Program Files\Holdem Genius
2008-01-26 03:08 . 2008-01-26 03:08 <REP> d-------- H:\Program Files\B4Playing
2008-01-23 15:08 . 2008-01-23 15:08 <REP> d-------- H:\Poker
2008-01-22 14:38 . 2008-01-22 14:38 <REP> d-------- H:\WINDOWS\Sun
2008-01-22 14:37 . 2008-01-22 14:37 <REP> d-------- H:\Program Files\Java
2008-01-22 14:37 . 2007-09-24 23:31 69,632 --a------ H:\WINDOWS\system32\javacpl.cpl
2008-01-22 14:36 . 2008-01-22 14:36 <REP> d-------- H:\Program Files\Fichiers communs\Java
2008-01-20 22:00 . 2008-01-20 22:00 <REP> d-------- H:\Program Files\aMSN
2008-01-16 16:47 . 2008-01-16 16:47 <REP> d-------- H:\Program Files\PokerAce Hud
2008-01-08 18:44 . 2008-01-26 14:46 1,938 --a------ H:\WINDOWS\wininit.ini
2008-01-04 21:52 . 2008-02-02 23:25 69 --a------ H:\WINDOWS\NeroDigital.ini
2008-01-04 21:35 . 2008-01-04 21:35 <REP> d-------- H:\Program Files\Nero
2008-01-04 21:35 . 2008-01-04 21:37 <REP> d-------- H:\Program Files\Fichiers communs\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 18:58 --------- d-----w H:\Program Files\bwin
2008-01-26 23:08 --------- d-----w H:\Program Files\MSN Messenger
2008-01-20 12:48 --------- d-----w H:\Program Files\IGZones
2007-12-31 16:51 43,520 ----a-w H:\WINDOWS\system32\CmdLineExt03.dll
2007-12-13 17:09 972,072 ----a-w H:\WINDOWS\UNNeroMediaHome.exe
2007-12-03 16:04 95,600 ----a-w H:\WINDOWS\system32\NeroCo.dll
.
[code]<pre>
----a-w 2,321,600 2008-01-08 15:44:52 H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater .exe
----a-w 68,856 2008-01-15 10:54:08 H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
</pre>[/code]
((((((((((((((((((((((((((((( snapshot_2008-01-31_ 2.08.22,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 12:29:01 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-02-01 16:12:50 593,920 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-01-27 12:29:01 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-02-01 16:12:50 12,288 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-01-27 12:29:01 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-02-01 16:12:50 86,016 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-01-27 12:29:01 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-02-01 16:12:50 135,168 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-01-27 12:29:01 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-02-01 16:12:50 11,264 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-01-27 12:29:01 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-02-01 16:12:50 27,136 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-01-27 12:29:01 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-02-01 16:12:50 4,096 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-01-27 12:29:01 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-02-01 16:12:50 794,624 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-01-27 12:29:01 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-02-01 16:12:50 249,856 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-01-27 12:29:01 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-02-01 16:12:50 61,440 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-01-27 12:29:01 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-02-01 16:12:50 23,040 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-01-27 12:29:01 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-02-01 16:12:49 286,720 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-01-27 12:29:01 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-02-01 16:12:49 409,600 ----a-r H:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-02-02 10:58:13 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-30 11:35:29 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-02-02 10:58:13 16,384 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-30 11:35:29 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-02 10:58:13 98,304 ----a-w H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-31 00:07:07 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-02-02 21:24:51 1,449,984 ----a-w H:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\System32\NvCpl.dll" [2006-07-12 06:19 7626752]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"avgnt"="H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-30 15:42 249896]
H:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Holdem Genius Auto Attacher.lnk - H:\Program Files\Holdem Genius\HG_Watcher.exe [2008-01-26 03:12:18 1286144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0cbf2bf]
H:\WINDOWS\System32\oljpwrfv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
H:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 10:43 69632 H:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
H:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
H:\Program Files\kernel\kernel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
H:\WINDOWS\System32\ddabc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
H:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mvrzptni]
H:\Program Files\?asks\??oolsv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
H:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\winvsnet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-12 06:19 7626752 H:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-07-12 06:19 86016 H:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-12 06:19 1519616 H:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-01 08:48 16208384 H:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
H:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 10:04 2879488 H:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tacc]
H:\DOCUME~1\PROPRI~1\MESDOC~1\ICROSO~1.NET\winlogon.exe
R0 avgntmgr;avgntmgr;H:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;H:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S3 MSControlService;Microsoft cache control;H:\WINDOWS\System32\windows []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 23:26:22
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-02 23:26:55
ComboFix-quarantined-files.txt 2008-02-02 21:26:53
ComboFix2.txt 2008-01-31 00:08:52
ComboFix3.txt 2008-01-26 23:15:47
