Infected by BAGLE

Closed
kalliste2b - Posts: 122 - Registered: Thursday 23 August 2007 - Status: Member - Last activity: 5 November 2013 - 29 March 2008 at 23:57
 Anonymous user - 30 March 2008 at 18:19
Hi,

My NORTON antivirus is no longer active
Safe mode no longer works
Some anti-spyware and other programs such as AVG Anti-Virus, Spybot etc. no longer open
My PC shuts down and restarts
I can no longer open PPS files

All these anomalies seem to me symptomatic of the
disastrous presence of BAGLE

I am posting various reports on this forum
ELIBAGLA report https://www.sendspace.com/file/smtggb
HijackThis report http://www.sendspace.com/delete/95aqpx/56vtn
ComboFix report https://www.sendspace.com/file/doqa8n
Navilog report https://www.sendspace.com/file/j63kod
Clean report part 1 https://www.sendspace.com/file/yj9me6
Clean report part 2 https://www.sendspace.com/file/ym3dum

I am very disturbed by all these problems
I hope a solution will be proposed to me
In the meantime, thank you very much

5 replies

Anonymous user
30 March 2008 at 00:03
Good evening

I don't think you really expect us to go and click on your links.

It is simpler to copy/paste your reports here.
kalliste2b - Posts: 122 - Registered: Thursday 23 August 2007 - Status: Member - Last activity: 5 November 2013
30 March 2008 at 00:40
OK, you're right
ELIBAGLE report

Sat Mar 29 23:13:52 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access denied.
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Access denied.

Sun Mar 30 00:06:37 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Deleted Bagle (rootkit)
Please send us a sample of the file
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
to "virus@satinfo.es". Thank you.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Deleted Bagle
Restored key: "SafeBoot\Minimal and Network"

Sun Mar 30 00:06:44 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive C:\
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP302\A0067053.EXE --> Deleted Bagle
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP302\A0067054.EXE --> Deleted Bagle
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP304\A0068430.SYS --> Deleted Bagle (rootkit)
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP304\A0068453.SYS --> Deleted Bagle (rootkit)

Total directories: 11753
Total files: 125448
Files analysed: 14487
Infected files: 4
Cleaned files: 4

Sun Mar 30 00:15:24 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):

Sun Mar 30 00:15:37 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive L:\

Sun Mar 30 00:16:27 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by direct action):

Sun Mar 30 00:16:36 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive M:\

Total directories: 687
Total files: 7447
Files analysed: 1073
Infected files: 0
Cleaned files: 0

Sun Mar 30 00:17:06 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive N:\

Total directories: 7
Total files: 44
Files analysed: 0
Infected files: 0
Cleaned files: 0

Sun Mar 30 00:17:16 2008
EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Action list (by scan):
Scanning drive L:\

HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 20:38:01, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberad.com/_index.asp?lg=fr&dem=1&id=9052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magnifying Glass] "C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\yves\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

ComboFix report
ComboFix 08-03-29.1 - yves 2008-03-29 21:38:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.342 [GMT 1:00]
Location: C:\Documents and Settings\yves\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\yves\Menu Démarrer\Programmes\Uninstall.lnk
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\100140.exe
C:\WINDOWS\system32\drivers\down\100953.exe
C:\WINDOWS\system32\drivers\down\101078.exe
C:\WINDOWS\system32\drivers\down\101187.exe
C:\WINDOWS\system32\drivers\down\102375.exe
C:\WINDOWS\system32\drivers\down\102828.exe
C:\WINDOWS\system32\drivers\down\103093.exe
C:\WINDOWS\system32\drivers\down\103234.exe
C:\WINDOWS\system32\drivers\down\105093.exe
C:\WINDOWS\system32\drivers\down\105484.exe
C:\WINDOWS\system32\drivers\down\107406.exe
C:\WINDOWS\system32\drivers\down\108046.exe
C:\WINDOWS\system32\drivers\down\110218.exe
C:\WINDOWS\system32\drivers\down\110796.exe
C:\WINDOWS\system32\drivers\down\113859.exe
C:\WINDOWS\system32\drivers\down\113890.exe
C:\WINDOWS\system32\drivers\down\115359.exe
C:\WINDOWS\system32\drivers\down\116531.exe
C:\WINDOWS\system32\drivers\down\117140.exe
C:\WINDOWS\system32\drivers\down\119390.exe
C:\WINDOWS\system32\drivers\down\119906.exe
C:\WINDOWS\system32\drivers\down\122234.exe
C:\WINDOWS\system32\drivers\down\125640.exe
C:\WINDOWS\system32\drivers\down\127859.exe
C:\WINDOWS\system32\drivers\down\128578.exe
C:\WINDOWS\system32\drivers\down\129171.exe
C:\WINDOWS\system32\drivers\down\131031.exe
C:\WINDOWS\system32\drivers\down\131156.exe
C:\WINDOWS\system32\drivers\down\132828.exe
C:\WINDOWS\system32\drivers\down\134093.exe
C:\WINDOWS\system32\drivers\down\134625.exe
C:\WINDOWS\system32\drivers\down\135718.exe
C:\WINDOWS\system32\drivers\down\136687.exe
C:\WINDOWS\system32\drivers\down\136968.exe
C:\WINDOWS\system32\drivers\down\137953.exe
C:\WINDOWS\system32\drivers\down\139078.exe
C:\WINDOWS\system32\drivers\down\141796.exe
C:\WINDOWS\system32\drivers\down\142593.exe
C:\WINDOWS\system32\drivers\down\142937.exe
C:\WINDOWS\system32\drivers\down\143468.exe
C:\WINDOWS\system32\drivers\down\145156.exe
C:\WINDOWS\system32\drivers\down\146437.exe
C:\WINDOWS\system32\drivers\down\147093.exe
C:\WINDOWS\system32\drivers\down\147765.exe
C:\WINDOWS\system32\drivers\down\149046.exe
C:\WINDOWS\system32\drivers\down\150937.exe
C:\WINDOWS\system32\drivers\down\151125.exe
C:\WINDOWS\system32\drivers\down\153046.exe
C:\WINDOWS\system32\drivers\down\153328.exe
C:\WINDOWS\system32\drivers\down\154281.exe
C:\WINDOWS\system32\drivers\down\157546.exe
C:\WINDOWS\system32\drivers\down\157859.exe
C:\WINDOWS\system32\drivers\down\158875.exe
C:\WINDOWS\system32\drivers\down\160296.exe
C:\WINDOWS\system32\drivers\down\160484.exe
C:\WINDOWS\system32\drivers\down\163265.exe
C:\WINDOWS\system32\drivers\down\163500.exe
C:\WINDOWS\system32\drivers\down\163656.exe
C:\WINDOWS\system32\drivers\down\164562.exe
C:\WINDOWS\system32\drivers\down\166078.exe
C:\WINDOWS\system32\drivers\down\169015.exe
C:\WINDOWS\system32\drivers\down\169828.exe
C:\WINDOWS\system32\drivers\down\170109.exe
C:\WINDOWS\system32\drivers\down\171828.exe
C:\WINDOWS\system32\drivers\down\172703.exe
C:\WINDOWS\system32\drivers\down\173468.exe
C:\WINDOWS\system32\drivers\down\173593.exe
C:\WINDOWS\system32\drivers\down\174750.exe
C:\WINDOWS\system32\drivers\down\176312.exe
C:\WINDOWS\system32\drivers\down\178046.exe
C:\WINDOWS\system32\drivers\down\179156.exe
C:\WINDOWS\system32\drivers\down\179250.exe
C:\WINDOWS\system32\drivers\down\179640.exe
C:\WINDOWS\system32\drivers\down\179984.exe
C:\WINDOWS\system32\drivers\down\180984.exe
C:\WINDOWS\system32\drivers\down\181828.exe
C:\WINDOWS\system32\drivers\down\182125.exe
C:\WINDOWS\system32\drivers\down\184453.exe
C:\WINDOWS\system32\drivers\down\184906.exe
C:\WINDOWS\system32\drivers\down\185250.exe
C:\WINDOWS\system32\drivers\down\186031.exe
C:\WINDOWS\system32\drivers\down\187656.exe
C:\WINDOWS\system32\drivers\down\188046.exe
C:\WINDOWS\system32\drivers\down\189406.exe
C:\WINDOWS\system32\drivers\down\191062.exe
C:\WINDOWS\system32\drivers\down\193187.exe
C:\WINDOWS\system32\drivers\down\195421.exe
C:\WINDOWS\system32\drivers\down\195625.exe
C:\WINDOWS\system32\drivers\down\196734.exe
C:\WINDOWS\system32\drivers\down\196796.exe
C:\WINDOWS\system32\drivers\down\198609.exe
C:\WINDOWS\system32\drivers\down\200296.exe
C:\WINDOWS\system32\drivers\down\200421.exe
C:\WINDOWS\system32\drivers\down\201046.exe
C:\WINDOWS\system32\drivers\down\202234.exe
C:\WINDOWS\system32\drivers\down\204578.exe
C:\WINDOWS\system32\drivers\down\206171.exe
C:\WINDOWS\system32\drivers\down\206546.exe
C:\WINDOWS\system32\drivers\down\208265.exe
C:\WINDOWS\system32\drivers\down\208406.exe
C:\WINDOWS\system32\drivers\down\209406.exe
C:\WINDOWS\system32\drivers\down\210718.exe
C:\WINDOWS\system32\drivers\down\211250.exe
C:\WINDOWS\system32\drivers\down\211953.exe
C:\WINDOWS\system32\drivers\down\213453.exe
C:\WINDOWS\system32\drivers\down\214203.exe
C:\WINDOWS\system32\drivers\down\214562.exe
C:\WINDOWS\system32\drivers\down\215281.exe
C:\WINDOWS\system32\drivers\down\217859.exe
C:\WINDOWS\system32\drivers\down\218312.exe
C:\WINDOWS\system32\drivers\down\223031.exe
C:\WINDOWS\system32\drivers\down\224390.exe
C:\WINDOWS\system32\drivers\down\226343.exe
C:\WINDOWS\system32\drivers\down\230421.exe
C:\WINDOWS\system32\drivers\down\231968.exe
C:\WINDOWS\system32\drivers\down\232265.exe
C:\WINDOWS\system32\drivers\down\233312.exe
C:\WINDOWS\system32\drivers\down\235640.exe
C:\WINDOWS\system32\drivers\down\237421.exe
C:\WINDOWS\system32\drivers\down\241781.exe
C:\WINDOWS\system32\drivers\down\244734.exe
C:\WINDOWS\system32\drivers\down\245250.exe
C:\WINDOWS\system32\drivers\down\251171.exe
C:\WINDOWS\system32\drivers\down\251328.exe
C:\WINDOWS\system32\drivers\down\257281.exe
C:\WINDOWS\system32\drivers\down\258984.exe
C:\WINDOWS\system32\drivers\down\265984.exe
C:\WINDOWS\system32\drivers\down\267250.exe
C:\WINDOWS\system32\drivers\down\273093.exe
C:\WINDOWS\system32\drivers\down\277296.exe
C:\WINDOWS\system32\drivers\down\66171.exe
C:\WINDOWS\system32\drivers\down\67734.exe
C:\WINDOWS\system32\drivers\down\68515.exe
C:\WINDOWS\system32\drivers\down\68875.exe
C:\WINDOWS\system32\drivers\down\69921.exe
C:\WINDOWS\system32\drivers\down\71890.exe
C:\WINDOWS\system32\drivers\down\72640.exe
C:\WINDOWS\system32\drivers\down\73109.exe
C:\WINDOWS\system32\drivers\down\75000.exe
C:\WINDOWS\system32\drivers\down\79937.exe
C:\WINDOWS\system32\drivers\down\83156.exe
C:\WINDOWS\system32\drivers\down\87421.exe
C:\WINDOWS\system32\drivers\down\88218.exe
C:\WINDOWS\system32\drivers\down\91968.exe
C:\WINDOWS\system32\drivers\down\92875.exe
C:\WINDOWS\system32\drivers\down\95593.exe
C:\WINDOWS\system32\drivers\down\97781.exe
C:\WINDOWS\system32\drivers\down\97843.exe
C:\WINDOWS\system32\drivers\down\98515.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Files created 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))))))
.

2008-03-29 19:50 . 2008-03-29 19:50 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 18:46 . 2008-03-29 18:46 <REP> d-------- C:\Muestras
2008-03-29 17:49 . 2008-03-29 17:49 <REP> d-------- C:\Program Files\CCleaner
2008-03-29 12:40 . 2008-03-29 13:46 <REP> d-------- C:\Program Files\CDex_170b2
2008-03-29 12:30 . 2008-03-29 12:30 <REP> d-------- C:\Documents and Settings\yves\Application Data\AccurateRip
2008-03-29 12:30 . 2008-03-29 12:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-03-29 12:30 . 2008-03-29 12:30 12,915 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-28 20:39 . 2008-03-28 20:39 <REP> d--h----- C:\WINDOWS\PIF
2008-03-28 14:01 . 2008-03-28 14:02 <REP> d-------- C:\Documents and Settings\yves\Application Data\Sites
2008-03-28 14:01 . 2008-03-28 14:02 <REP> d-------- C:\Documents and Settings\yves\Application Data\Dynamique
2008-03-28 14:01 . 2008-03-28 14:02 <REP> d-------- C:\Documents and Settings\yves\Application Data\Classes de site
2008-03-28 14:00 . 2008-03-28 18:48 <REP> d-------- C:\Program Files\vmntoolbar
2008-03-28 14:00 . 2008-03-28 14:05 <REP> d-------- C:\Program Files\Visicom Media
2008-03-28 13:28 . 2008-03-28 13:31 <REP> d-------- C:\Program Files\Crystal FTP Free
2008-03-28 13:28 . 2008-03-28 13:28 <REP> d-------- C:\Documents and Settings\yves\Application Data\Crystal FTP
2008-03-26 13:16 . 2008-03-26 15:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-26 13:16 . 2008-03-26 13:16 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2008-03-26 13:16 . 2008-03-26 13:16 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-03-26 13:15 . 2008-03-26 20:28 <REP> d-------- C:\Program Files\Blaze Media Pro
2008-03-25 21:41 . 2008-03-25 21:44 <REP> d-------- C:\Program Files\Monkey's Audio
2008-03-25 20:23 . 2008-03-29 12:29 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-25 20:23 . 2008-03-25 21:37 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp
2008-03-25 20:23 . 2008-03-25 21:38 2,275 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
2008-03-24 11:02 . 2008-03-24 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
2008-03-22 18:28 . 2008-03-22 18:28 <REP> d-------- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2008-03-22 18:28 . 2008-03-22 18:28 <REP> d-------- C:\Program Files\DVDVIDEOSOFT
2008-03-22 18:24 . 2008-03-22 18:24 <REP> d-------- C:\Documents and Settings\yves\Application Data\Search Settings
2008-03-22 17:54 . 2008-03-22 17:54 <REP> d-------- C:\Program Files\Search Settings
2008-03-22 17:53 . 2008-03-22 18:24 <REP> d-------- C:\Program Files\Free FLV Converter
2008-03-22 17:53 . 2008-03-22 17:54 <REP> d-------- C:\Program Files\Dealio
2008-03-22 17:53 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
2008-03-22 17:53 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
2008-03-22 17:53 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-03-22 17:53 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
2008-03-22 17:53 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
2008-03-21 20:54 . 2008-03-21 20:54 <REP> d-------- C:\Program Files\LimeWire
2008-03-21 20:54 . 2008-03-21 21:56 <REP> d-------- C:\Documents and Settings\yves\Application Data\LimeWire
2008-03-21 13:30 . 2008-03-21 13:30 <REP> d-------- C:\Program Files\Alcohol Soft
2008-03-20 12:07 . 2008-03-20 12:07 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-03-20 12:06 . 2008-03-20 12:06 <REP> d-------- C:\Program Files\Vente Flash
2008-03-18 11:41 . 2008-03-18 11:41 <REP> d-------- C:\Program Files\ExplorerXP
2008-03-18 10:15 . 2008-03-18 10:43 <REP> d-------- C:\Program Files\Windows scrabble
2008-03-13 08:38 . 2008-03-13 08:38 <REP> d-------- C:\Program Files\Stardock
2008-03-13 08:38 . 2008-03-13 08:38 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}
2008-03-12 17:28 . 2008-03-12 17:30 <REP> d-------- C:\Program Files\Virtual Magnifying Glass
2008-03-12 14:34 . 2008-03-12 14:53 <REP> d-------- C:\Documents and Settings\yves\Application Data\gtk-2.0
2008-03-12 14:34 . 2008-03-12 14:34 <REP> d-------- C:\Documents and Settings\yves\.thumbnails
2008-03-12 14:31 . 2008-03-12 14:55 <REP> d-------- C:\Documents and Settings\yves\.gimp-2.4
2008-03-12 14:30 . 2008-03-12 14:30 <REP> d-------- C:\Program Files\GIMP-2.0
2008-03-11 18:57 . 2008-03-11 18:57 <REP> d-------- C:\Program Files\Conjugaison
2008-03-10 22:54 . 2008-03-14 17:09 <REP> d-------- C:\Program Files\OCCT
2008-03-09 21:49 . 2008-03-09 21:49 <REP> d-------- C:\Documents and Settings\yves\Application Data\Ulead Systems
2008-03-09 21:43 . 2008-03-09 21:43 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
2008-03-09 21:43 . 2008-03-09 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-03-06 11:19 . 2008-03-06 11:19 <REP> d-------- C:\Program Files\SFRWidget
2008-03-01 09:51 . 2008-03-01 09:51 <REP> d-------- C:\Program Files\IObit

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 19:37 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-03-29 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 15:38 --------- d-----w C:\Program Files\Unlocker
2008-03-29 14:21 --------- d-----w C:\Program Files\eMule
2008-03-29 13:38 --------- d-----w C:\Program Files\ZGuideTV
2008-03-29 13:07 --------- d-----w C:\Documents and Settings\yves\Application Data\FileZilla
2008-03-29 13:05 --------- d-----w C:\Program Files\FileZilla Client
2008-03-29 11:32 --------- d-----w C:\Program Files\dBpowerAMP
2008-03-28 17:46 --------- d-----w C:\Documents and Settings\yves\Application Data\Dealio
2008-03-27 13:19 --------- d-----w C:\Program Files\MediaCoder
2008-03-26 23:10 --------- d-----w C:\Documents and Settings\yves\Application Data\XnView
2008-03-26 18:04 --------- d-----w C:\Documents and Settings\yves\Application Data\U3
2008-03-26 08:35 --------- d-----w C:\Program Files\Radio Fr Solo
2008-03-26 05:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-25 12:40 --------- d-----w C:\Documents and Settings\yves\Application Data\Image Zone Express
2008-03-21 12:18 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-17 18:31 --------- d-----w C:\Documents and Settings\yves\Application Data\Simple Sudoku
2008-03-12 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-09 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 20:43 --------- d-----w C:\Program Files\Ulead Systems
2008-03-09 20:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-07 09:55 --------- d-----w C:\Program Files\IncrediMail
2008-03-06 21:00 --------- d-----w C:\Program Files\Micro Application
2008-03-06 13:03 --------- d-----w C:\Program Files\7-Zip
2008-02-28 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
2008-02-28 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-02-24 12:28 --------- d-----w C:\Program Files\Simple Sudoku
2008-02-24 12:28 --------- d-----w C:\Program Files\Nvu
2008-02-24 12:28 --------- d-----w C:\Program Files\ExtracteurIcones
2008-02-24 12:28 --------- d-----w C:\Program Files\EnveloppesEditor1.09
2008-02-24 12:28 --------- d-----w C:\Program Files\CartaGoGo
2008-02-24 12:26 --------- d-----w C:\Documents and Settings\yves\Application Data\GlarySoft
2008-02-24 12:17 --------- d-----w C:\Program Files\Glary Utilities
2008-02-22 18:54 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2008-02-22 18:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-21 20:06 --------- d-----w C:\Program Files\Logiciels Sebastien GRENIER
2008-02-21 08:31 --------- d-----w C:\Documents and Settings\yves\Application Data\AchrafCherti
2008-02-21 08:28 --------- d-----w C:\Program Files\UltraSplitter
2008-02-20 11:15 --------- d-----w C:\Program Files\XnView
2008-02-20 11:08 --------- d-----w C:\Program Files\KC Softwares
2008-02-16 19:22 --------- d-----w C:\Documents and Settings\yves\Application Data\Ashampoo
2008-02-16 19:10 --------- d-----w C:\Program Files\Ashampoo
2008-02-16 17:35 --------- d-----w C:\Program Files\scrabbleproB1.0.7
2008-02-15 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
2008-02-15 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-15 16:30 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-15 16:26 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-14 19:14 --------- d-----w C:\Documents and Settings\yves\Application Data\Leadertech
2008-02-12 15:43 --------- d-----w C:\Program Files\Photodex Presenter
2008-02-12 15:43 --------- d-----w C:\Program Files\Photodex
2008-02-11 19:48 --------- d-----w C:\Program Files\Photo Story 3 for Windows
2008-02-11 12:48 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
2008-02-10 09:54 --------- d-----w C:\Program Files\NCH Software
2008-02-10 08:28 --------- d-----w C:\Program Files\IVCsoft
2008-02-09 23:00 --------- d-----w C:\Program Files\Konvertor
2008-02-07 10:15 --------- d-----w C:\Documents and Settings\yves\Application Data\COWON
2008-02-05 08:02 --------- d-----w C:\Program Files\FDSoftware
2008-02-01 07:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-01 07:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-01 07:39 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-01 07:39 --------- d-----w C:\Program Files\Symantec
2008-01-21 15:47 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-21 15:47 253,952 ------w C:\WINDOWS\Setup1.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-03 10:22 160568]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-25 13:07 243072]
"Magnifying Glass"="C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe" [2006-06-06 18:42 441344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-06-18 06:05 659456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-03-29 20:07 52840]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19 7626752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer WLAN 11g USB Dongle.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
backup=C:\WINDOWS\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2006-04-18 18:54 49152 C:\WINDOWS\system32\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-09-25 22:26 69632 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 03:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cloneur Expert Monitor]
--a------ 2007-09-25 22:26 439211 C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-10 21:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 14:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 13:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-06-01 13:40 413696 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-10 21:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-10 21:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-02-25 13:07 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-10 21:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 16:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-11 23:19 7626752 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-07-11 23:19 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-11 23:19 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-10 21:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-10 21:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-01 01:48 16208384 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-09-23 12:08 61440 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Radio Fr Solo\\Radio_Fr_Solo.exe"=
"C:\\Program Files\\Radio Fr Solo\\RFSUpdate.exe"=
"C:\\Program Files\\Radio Fr Solo\\RFScheduler.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Logiciels Sebastien GRENIER\\Sudoku\\sudoku.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Crystal FTP Free\\crystalftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58787:TCP"= 58787:TCP:Pando P2P TCP Listening Port
"58787:UDP"= 58787:UDP:Pando P2P UDP Listening Port

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys [1996-02-22 08:10]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-01-07 12:09]
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9e75f2f-de0b-11dc-bc9e-001921514e5a}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-03-28 21:02:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - yves.job"

Navilog report
Search Navipromo version 3.5.1 started on 2008-03-29 at 22:04:42.25

!!! Warning: this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Tool run from C:\Program Files\navilog1
Current session: "yves"

Updated on 23.03.2008 at 22h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
File system : NTFS

Run in normal mode

*** Searching installed programs ***


*** Searching folders in C:\WINDOWS ***


*** Searching folders in C:\Program Files ***


*** Searching folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Searching folders in "C:\Documents and Settings\yves\applic~1" ***


*** Searching folders in "C:\Documents and Settings\yves\locals~1\applic~1" ***


*** Searching folders in "C:\Documents and Settings\yves\menudm~1\progra~1" ***


*** Searching folders in C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Search with Catchme rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net

No file found


*** Search with GenericNaviSearch ***
!!! All these results may reveal legitimate files !!!
!!! Check them carefully before any manual deletion !!!

* Searching in C:\WINDOWS\system32 *

* Searching in "C:\Documents and Settings\yves\locals~1\applic~1" *

* Searching in "C:\docume~1\Administrateur\locals~1\applic~1" *


*** Searching files ***


*** Searching specific Registry keys ***


*** Additional search module ***
(Searching specific files)

1) Searching new Instant Access files:


2) Heuristic search:

* In C:\WINDOWS\system32 :

* In "C:\Documents and Settings\yves\locals~1\applic~1" :

* In "C:\docume~1\Administrateur\locals~1\applic~1" :


3) Searching certificates:

Egroup certificate absent!
Electronic-Group certificate absent!
OOO-Favorit certificate absent!
Sunny-Day-Design-Ltd certificate absent!

4) Searching known files:


*** Scan finished on 2008-03-29 at 22:10:12.50 ***

Clean report part 1
C:\WINDOWS\System32\nvapps.xml -->2008-03-29 20:35:06
C:\WINDOWS\System32\wpa.dbl -->2008-03-29 16:32:58
C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat -->2008-03-29 12:30:40
C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp -->2008-03-29 12:30:20
C:\WINDOWS\System32\SpoonUninstall.exe -->2008-03-29 12:29:14
C:\WINDOWS\System32\FNTCACHE.DAT -->2008-03-29 09:36:31
C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat -->2008-03-25 21:38:39
C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp -->2008-03-25 21:37:24
C:\WINDOWS\System32\BASSMOD.dll -->2008-03-07 00:07:45
C:\WINDOWS\System32\MRT.exe -->2008-03-05 17:30:54
C:\WINDOWS\System32\pxafs.dll -->2008-02-15 17:26:38
C:\WINDOWS\System32\pxdrv.dll -->2008-02-15 17:26:37
C:\WINDOWS\System32\pxcpyi64.exe -->2008-02-15 17:26:37
C:\WINDOWS\System32\pxcpya64.exe -->2008-02-15 17:26:37
C:\WINDOWS\System32\pxsfs.dll -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxmas.dll -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxinsi64.exe -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxinsa64.exe -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxhpinst.exe -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxwave.dll -->2008-02-15 17:26:35
C:\WINDOWS\System32\px.dll -->2008-02-15 17:26:32
C:\WINDOWS\System32\PerfStringBackup.INI -->2008-02-06 09:06:03
C:\WINDOWS\System32\perfh00C.dat -->2008-02-06 09:06:03
C:\WINDOWS\System32\perfh009.dat -->2008-02-06 09:06:03
C:\WINDOWS\System32\perfc00C.dat -->2008-02-06 09:06:03

C:\WINDOWS\0.log -->2008-03-29 21:42:49
C:\WINDOWS\ModemLog_PCI SoftV92 Modem.txt -->2008-03-29 21:42:48
C:\WINDOWS\WindowsUpdate.log -->2008-03-29 21:42:43
C:\WINDOWS\wiadebug.log -->2008-03-29 21:42:41
C:\WINDOWS\wiaservc.log -->2008-03-29 21:42:40
C:\WINDOWS\system.ini -->2008-03-29 21:42:20
C:\WINDOWS\bootstat.dat -->2008-03-29 21:42:09
C:\WINDOWS\SchedLgU.Txt -->2008-03-29 21:41:23
C:\WINDOWS\setupapi.log -->2008-03-29 20:09:59
C:\WINDOWS\ntbtlog.txt -->2008-03-29 19:14:39
C:\WINDOWS\PR1V2.INI -->2008-03-29 18:12:08
C:\WINDOWS\MF_C421.lfa -->2008-03-26 13:16:33
C:\WINDOWS\MF_C420.lfa -->2008-03-26 13:16:33
C:\WINDOWS\Radio_Fr.ini -->2008-03-26 09:35:41
C:\WINDOWS\ULEAD32.INI -->2008-03-08 09:45:09

Clean report part 2
C:\WINDOWS\System32\SpoonUninstall.exe -->2008-03-29 12:29:14
C:\WINDOWS\System32\MRT.exe -->2008-03-05 17:30:54
C:\WINDOWS\System32\pxcpyi64.exe -->2008-02-15 17:26:37
C:\WINDOWS\System32\pxcpya64.exe -->2008-02-15 17:26:37
C:\WINDOWS\System32\pxinsi64.exe -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxinsa64.exe -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxhpinst.exe -->2008-02-15 17:26:36
C:\WINDOWS\System32\BASSMOD.dll -->2008-03-07 00:07:45
C:\WINDOWS\System32\pxafs.dll -->2008-02-15 17:26:38
C:\WINDOWS\System32\pxdrv.dll -->2008-02-15 17:26:37
C:\WINDOWS\System32\pxsfs.dll -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxmas.dll -->2008-02-15 17:26:36
C:\WINDOWS\System32\pxwave.dll -->2008-02-15 17:26:35
C:\WINDOWS\System32\px.dll -->2008-02-15 17:26:32

Need help
thanks everyone
0
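The ComboFix "Reg Loading Points" dump in the post above is a REGEDIT4-style text that a triage reads by hand. The following Python script is an added example, not part of this thread or of ComboFix: it parses that format into a key-to-values map and pulls out the three things worth checking first in a report of this shape, Security Center values that silence antivirus/firewall state reporting, AutoRun commands registered under MountPoints2 for mounted volumes, and the targets of the Run keys. SAMPLE_REPORT is constructed to mirror lines of the posted report so the script runs offline; DISABLE_FLAGS is an assumption about which Security Center value names matter, and whether a hit is legitimate (a security suite can set DisableMonitoring for its own products) still needs a human decision.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix-style report.

Added example for this thread; it is not part of ComboFix or of the
original post. SAMPLE_REPORT is constructed to mirror lines of the
report above so the script runs offline.
"""
import re

SAMPLE_REPORT = r"""
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-03-29 20:07 52840]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19 7626752]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9e75f2f-de0b-11dc-bc9e-001921514e5a}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="value", "Name"= 1 (0x1), @="Driver", "%windir%\\x.exe"=  (empty value)
VALUE_RE = re.compile(r'^"?(?P<name>[^"=]*?)"?\s*=\s*(?P<value>.*)$')
# ComboFix appends "[date time size]" to file-backed values; split it off
META_RE = re.compile(r"^(?P<value>.*?)\s*\[(?P<meta>\d{4}-\d{2}-\d{2} [^\]]*)\]$")
# MountPoints2 entries are printed as a subpath + command, not as name=value
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
AUTORUN_NAME = "Shell\\AutoRun\\command"

# Assumption: these Security Center values, when set to 1, hide AV/firewall state
DISABLE_FLAGS = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                 "UpdatesDisableNotify", "DisableMonitoring"}


def parse_reg_section(text):
    """Return {registry_key: {value_name: value}} for a REGEDIT4-style dump."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("key"), {})
            continue
        if current is None:
            continue  # stray line before any [key] header
        m = AUTORUN_RE.match(line)
        if m:
            current[AUTORUN_NAME] = m.group("cmd").strip()
            continue
        m = VALUE_RE.match(line)
        if m:
            value = m.group("value").strip()
            meta = META_RE.match(value)
            if meta:
                value = meta.group("value")
            current[m.group("name")] = value.strip().strip('"')
    return sections


def is_set(value):
    """True for dword:00000001, '1' or '1 (0x1)' style values."""
    first = value.split()[0].lower() if value.split() else ""
    return first == "1" or first.endswith("00000001")


def security_center_overrides(sections):
    """Security Center values that silence antivirus/firewall reporting."""
    hits = []
    for key, values in sections.items():
        if "security center" not in key.lower():
            continue
        for name, value in values.items():
            if name in DISABLE_FLAGS and is_set(value):
                hits.append(key + "\\" + name)
    return hits


def autorun_commands(sections):
    """AutoRun commands registered for mounted volumes (MountPoints2)."""
    return [values[AUTORUN_NAME] for key, values in sections.items()
            if "mountpoints2" in key.lower() and AUTORUN_NAME in values]


def run_entries(sections):
    """(key, value name, launched file) for every Run / RunOnce key."""
    out = []
    for key, values in sections.items():
        if key.lower().endswith(("\\run", "\\runonce")):
            out.extend((key, name, target) for name, target in values.items())
    return out


if __name__ == "__main__":
    regs = parse_reg_section(SAMPLE_REPORT)
    for hit in security_center_overrides(regs):
        print("Security Center override:", hit)
    for cmd in autorun_commands(regs):
        print("Volume AutoRun:", cmd)
    for _key, name, target in run_entries(regs):
        print("Run:", name, "->", target)
```

Run against the real report, each Security Center hit, AutoRun command and Run target is a line to look up by hand (vendor, location, whether the user installed it), not something to delete automatically.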
Anonymous user
30 March 2008 at 01:27
Remove your HijackThis, which is out of date

==================== HIJACKTHIS ======================

HijackThis

• Download HijackThis
• Install HijackThis following the prompts (accept the suggested folder without changing anything)
• Close HijackThis
• Download HJTNew to the desktop (if the firewall or antivirus complains, ignore it)
• Close all applications
• Disconnect from the Internet (unplugging the cable is still the best way)
• Run HJTNew.exe (if the firewall or antivirus complains, ignore it)
Don't be surprised with HJTNew: nothing is displayed, just a window that opens and closes right away. That's normal.
• Click on Do a system scan and save a logfile
• Copy/paste the report in your next message
• Delete HJTNew.exe (otherwise the antivirus is likely to complain often), then
• Wait for the next step
_
0
kalliste2b
30 March 2008 at 08:35
Hello,

I followed your instructions
here is the new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30, on 2008-03-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberad.com/_index.asp?lg=fr&dem=1&id=9052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magnifying Glass] "C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\yves\Application Data\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
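Reading a HijackThis log like the one posted above comes down to a few greps: which O4 Run values launch what, from where, and which O23 services the tool could not attribute to a vendor. The script below is an added example, not part of this thread or of HijackThis. SAMPLE_LOG is constructed from the shape of the log above, TRUSTED_ROOTS is an assumption about where software on this particular machine is expected to live, and "Unknown owner" only means the binary carried no company name in its version information, so every flag is a review hint rather than a verdict (the Run entry pointing at drive E: above, for example, still has to be identified by the reviewer before anything is done about it).

```python
"""Triage helpers for a HijackThis 2.0 log.

Added example for this thread; it is not part of HijackThis or of the
original post. SAMPLE_LOG is constructed from the shape of the log above.
"""
import re

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
"""

ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d+) - (?P<body>.*)$")
# O4 registry form:  HKLM\..\Run: [ValueName] command line   (Global Startup lines differ)
O4_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\(?P<subkey>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_NOTE_RE = re.compile(r"\s+\(User '[^']*'\)$")

# Assumption: where software on this particular machine is expected to live
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "c:\\acer\\")


def parse_entries(text):
    """[(type, body)] for every 'Oxx - ...' / 'Rx - ...' line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def command_target(cmd):
    """File a Run value actually launches, unwrapping rundll32 host lines."""
    cmd = USER_NOTE_RE.sub("", cmd).strip()
    if cmd.startswith('"'):                       # "quoted path" args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    if len(tokens) > 1 and tokens[0].lower() == "rundll32.exe":
        return " ".join(tokens[1:]).split(",", 1)[0]   # DLL before ",Export"
    return cmd.split(" /", 1)[0]                  # unquoted path, optional /switch


def run_targets(entries):
    """(hive, value name, target file) for every O4 registry Run entry."""
    out = []
    for etype, body in entries:
        m = O4_RE.match(body) if etype == "O4" else None
        if m:
            out.append((m.group("hive"), m.group("name"), command_target(m.group("cmd"))))
    return out


def autoruns_outside(entries, roots=TRUSTED_ROOTS):
    """Run targets not under any expected install root (review these first)."""
    return [t for t in run_targets(entries) if not t[2].lower().startswith(roots)]


def unowned_services(entries):
    """(display name, binary) for O23 services without a vendor ('Unknown owner')."""
    out = []
    for etype, body in entries:
        if etype == "O23" and " - Unknown owner - " in body:
            display, _, binary = body.partition(" - Unknown owner - ")
            out.append((display.replace("Service: ", "", 1), binary))
    return out


if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    for hive, name, target in autoruns_outside(log):
        print(f"Run target outside trusted roots: {hive} [{name}] -> {target}")
    for display, binary in unowned_services(log):
        print(f"Service with no vendor info: {display} -> {binary}")
```

Feed it the full log by replacing SAMPLE_LOG with the file's contents; anything it lists is a candidate to check against the installed software list and the file's location, not something to fix in HijackThis without knowing what it is.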

Anonymous user
30 March 2008 at 18:19
======================= BT Fix ==========================

• Download BTFix (by bibi26)
• Extract the archive (right-click on the archive -> extract all) to the Desktop.
There should now be a folder named BTFix.
• On the Desktop, open the BTFix folder.
• Double-click on the BTFix.exe file.
• Click on Rechercher (Search)
• At the end of the procedure it displays the report.
• Copy/paste the report in your next message


-------- Disinfection

• Open BTFix.
• Click on Nettoyer (Clean).
• A report will appear; copy/paste it in your next reply.
• Copy/paste a new HijackThis report
0