Problème Messenger Skinner
Résolu
Timon-dlp
Messages postés
27
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Comme beaucoup de monde ayant installer puis désinstaller Messenger Skinner, j'ai le probleme de fenetres intempestive qui s'ouvre sous Firefox et Explorer.
Je suis sous Vista Home SP1.
Pourriez-vous m'aider?
Merci.
Comme beaucoup de monde ayant installer puis désinstaller Messenger Skinner, j'ai le probleme de fenetres intempestive qui s'ouvre sous Firefox et Explorer.
Je suis sous Vista Home SP1.
Pourriez-vous m'aider?
Merci.
A voir également:
- Problème Messenger Skinner
- Cette personne n'est pas disponible sur messenger - Guide
- Spam messenger - Guide
- Yahoo messenger - Télécharger - Messagerie
- Bloquer sur messenger - Guide
- Restreindre messenger - Forum Facebook Messenger
32 réponses
slt,
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
Télécharge maintenant Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter
en tant qu'administrateur".
Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
Télécharge maintenant Navilog1 depuis-ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter
en tant qu'administrateur".
Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche le blocnote va s'ouvrir.
Copie-colle l'intégralité du rapport dans une réponse.
Referme le blocnote
Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
Voici le rapport après l'analyse :
Search Navipromo version 3.5.2 commencé le mer. 02/04/2008 à 19:07:06,17
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Lolo"
Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\lolo\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Lolo\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Lolo\AppData\Local\Microsoft *
* Recherche dans C:\Users\Lolo\AppData\Local *
* Recherche dans "C:\Users\ADMINI~1\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Lolo\AppData\Local\Microsoft :
* Dans C:\Users\Lolo\AppData\Local :
* Dans "C:\Users\ADMINI~1\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le mer. 02/04/2008 à 19:42:21,72 ***
Search Navipromo version 3.5.2 commencé le mer. 02/04/2008 à 19:07:06,17
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Lolo"
Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Recherche dossiers dans c:\users\lolo\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Lolo\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Lolo\AppData\Local\Microsoft *
* Recherche dans C:\Users\Lolo\AppData\Local *
* Recherche dans "C:\Users\ADMINI~1\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Lolo\AppData\Local\Microsoft :
* Dans C:\Users\Lolo\AppData\Local :
* Dans "C:\Users\ADMINI~1\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le mer. 02/04/2008 à 19:42:21,72 ***
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
____________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
____________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
Voici le rapport de Combofix :
ComboFix 08-04-01.2 - Lolo 2008-04-02 21:03:20.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.980 [GMT 2:00]
Endroit: C:\Users\Lolo\Desktop\KillBagle.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
TimedOut: progfile.dat
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\101.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\102.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\103.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\104.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\105.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\106.gif
C:\Users\Lolo\AppData\Roaming\inst.exe
C:\Windows\system32\~.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:34 . 2008-04-02 18:36 <REP> d-------- C:\Program Files\RegCleaner
2008-04-02 18:32 . 2008-04-02 18:32 553,687 --a------ C:\regcleaner_regcleaner_4.3.0.780_francais_10573.exe
2008-04-02 03:26 . 2008-04-02 03:26 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Convivea
2008-04-02 01:38 . 2008-04-02 19:42 <REP> d-------- C:\Program Files\Navilog1
2008-03-28 21:02 . 2008-04-01 17:54 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-28 21:02 . 2008-03-28 21:02 1,409 --a------ C:\Windows\QTFont.for
2008-03-27 22:09 . 2008-03-27 22:09 <REP> d-------- C:\Program Files\Clean Virus MSN
2008-03-24 03:39 . 2008-03-24 03:39 <REP> d-------- C:\Users\Lolo\AppData\Roaming\GameHouse
2008-03-24 03:37 . 2008-03-24 03:37 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Magic Academy
2008-03-24 03:35 . 2008-03-24 03:35 <REP> d-------- C:\Program Files\BFG
2008-03-24 03:33 . 2008-03-24 03:33 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Mysteryville2
2008-03-24 03:23 . 2008-03-24 03:23 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-03-24 03:16 . 2008-03-24 03:16 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Sandlot Games
2008-03-24 03:15 . 2008-03-24 03:15 <REP> d-------- C:\Users\All Users\Trymedia
2008-03-24 03:15 . 2008-03-24 03:15 <REP> d-------- C:\ProgramData\Trymedia
2008-03-24 03:14 . 2008-03-27 00:05 9,216 --a------ C:\Windows\System32\host.db
2008-03-24 03:14 . 2008-03-24 03:14 1,426 --a------ C:\Windows\System32\host5.zip
2008-03-23 13:32 . 2008-03-23 13:32 <REP> d-------- C:\Users\All Users\NannyMania
2008-03-23 13:32 . 2008-03-23 13:32 <REP> d-------- C:\ProgramData\NannyMania
2008-03-22 12:27 . 2008-03-22 12:27 <REP> d-------- C:\Users\Lolo\AppData\Roaming\GAMEON
2008-03-22 02:07 . 2008-03-22 02:11 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Off Road
2008-03-21 18:27 . 2008-03-21 18:27 <REP> d-------- C:\Program Files\DVD Shrink
2008-03-20 03:28 . 2008-03-20 02:52 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-03-20 03:28 . 2008-03-20 02:52 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-03-20 03:05 . 2008-01-19 00:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-03-20 03:05 . 2008-01-19 00:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-03-20 03:04 . 2008-01-19 00:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-03-20 03:03 . 2008-01-19 00:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-03-20 03:03 . 2008-01-19 00:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-03-20 03:00 . 2008-01-19 00:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-20 02:58 . 2008-01-19 00:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-03-20 02:54 . 2008-01-19 00:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-03-20 02:52 . 2008-03-20 03:33 196,608 --a------ C:\Windows\SPInstall.etl
2008-03-19 11:45 . 2008-03-21 02:10 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-03-19 11:45 . 2008-03-21 02:10 <REP> d-------- C:\ProgramData\DVD Shrink
2008-03-19 09:07 . 2008-03-19 09:07 <REP> d-------- C:\Users\All Users\Awem
2008-03-19 09:07 . 2008-03-19 09:07 <REP> d-------- C:\ProgramData\Awem
2008-03-19 03:50 . 2008-04-02 03:28 <REP> d-------- C:\Program Files\Bit Che
2008-03-18 03:53 . 2008-03-24 15:02 <REP> d-------- C:\Program Files\SpeedFan
2008-03-18 03:52 . 2008-03-18 03:53 45 --a------ C:\Windows\System32\initdebug.nfo
2008-03-16 11:06 . 2008-03-24 12:13 <REP> d-------- C:\Users\All Users\PlayFirst
2008-03-16 11:06 . 2008-03-24 12:13 <REP> d-------- C:\ProgramData\PlayFirst
2008-03-15 11:40 . 2008-03-15 11:59 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Pirateville
2008-03-15 00:49 . 2008-03-15 00:49 1,817,491 --a------ C:\Columbo Saison 10 & 11.jpg
2008-03-15 00:48 . 2008-03-15 00:48 1,603,187 --a------ C:\Columbo Saison 6 & 7.jpg
2008-03-15 00:48 . 2008-03-15 00:48 1,501,361 --a------ C:\Columbo Saison 8 & 9.jpg
2008-03-15 00:47 . 2008-03-15 00:47 1,780,936 --a------ C:\Columbo Saison 5.jpg
2008-03-14 17:21 . 2008-03-14 17:21 10,284 --a------ C:\Pour le respect des autres locataires.docx
2008-03-14 08:51 . 2008-03-24 12:13 <REP> d-------- C:\Users\Lolo\AppData\Roaming\PlayFirst
2008-03-13 09:04 . 2008-03-13 09:04 <REP> d-------- C:\Users\All Users\MythPeople
2008-03-13 09:04 . 2008-03-13 09:04 <REP> d-------- C:\ProgramData\MythPeople
2008-03-10 23:39 . 2008-02-24 19:18 936,953 --a------ C:\Columbo Saison 1.jpg
2008-03-10 23:32 . 2008-03-13 18:26 4,521,919 --a------ C:\Columbo Saison 3.jpg
2008-03-10 23:32 . 2008-03-10 23:32 1,519,545 --a------ C:\Columbo Saison 4.jpg
2008-03-10 20:49 . 2008-03-10 20:49 <REP> d-------- C:\Users\Lolo\AppData\Roaming\My Games
2008-03-10 08:57 . 2008-03-10 08:57 <REP> d-------- C:\Users\All Users\HipSoft
2008-03-10 08:57 . 2008-03-10 08:57 <REP> d-------- C:\ProgramData\HipSoft
2008-03-09 17:07 . 2008-03-09 17:07 <REP> d-------- C:\Users\All Users\Sandlot Games
2008-03-09 17:07 . 2008-03-09 17:07 <REP> d-------- C:\ProgramData\Sandlot Games
2008-03-08 19:43 . 2008-03-08 19:43 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Fuzzy Games
2008-03-08 16:35 . 2008-03-08 16:35 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Serif
2008-03-08 12:06 . 2008-03-08 12:06 <REP> d-------- C:\Users\All Users\Farm Frenzy
2008-03-08 12:06 . 2008-03-08 12:06 <REP> d-------- C:\ProgramData\Farm Frenzy
2008-03-07 16:03 . 2008-03-07 16:03 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Micro Application
2008-03-06 19:41 . 2008-03-06 19:41 <REP> d-------- C:\Program Files\Lavasoft
2008-03-06 19:28 . 2008-03-10 23:42 7,912,465 --a------ C:\Columbo Saison 2.jpg
2008-03-06 18:32 . 2008-03-06 18:32 <REP> d-------- C:\Program Files\Alcohol Soft
2008-03-06 02:52 . 2008-03-06 02:52 <REP> d-------- C:\Windows\MVUNINST
2008-03-06 02:52 . 1996-08-24 12:11 289,552 --a------ C:\Windows\System32\temp.003
2008-03-06 02:52 . 1993-10-14 18:51 28,672 --a------ C:\Windows\System32\temp.002
2008-03-04 02:06 . 2008-03-04 02:06 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 06:40 . 2008-03-03 06:40 599,552 --a------ C:\Windows\System32\CnxtAp32.dll
2008-03-03 05:10 . 2008-03-03 05:10 182,272 --a------ C:\Windows\System32\drivers\CHDRT32.sys
2008-03-02 14:55 . 2008-03-02 14:55 <REP> d-------- C:\Program Files\StuffPlug3
2008-03-02 14:41 . 2008-03-02 14:41 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-03-02 04:00 . 2008-03-02 04:00 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Droppix
2008-03-02 04:00 . 2004-06-05 20:33 139,264 --a------ C:\Windows\System32\RLAPEDec.ax
2008-03-02 04:00 . 2004-04-27 17:05 98,304 --a------ C:\Windows\System32\RLMPCDec.ax
2008-03-02 03:59 . 2008-03-02 04:01 <REP> d-------- C:\Users\All Users\Droppix
2008-03-02 03:59 . 2008-03-02 04:01 <REP> d-------- C:\ProgramData\Droppix
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:59 --------- d-----w C:\Users\Lolo\AppData\Roaming\utorrent
2008-04-02 18:56 41,520 ----a-w C:\Users\Lolo\AppData\Roaming\nvModes.dat
2008-04-02 14:06 --------- d---a-w C:\ProgramData\TEMP
2008-04-02 01:00 --------- d-----w C:\Users\Lolo\AppData\Roaming\DMCache
2008-04-02 00:16 --------- d-----w C:\ProgramData\WLInstaller
2008-04-01 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 16:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 02:01 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 01:56 --------- d-----w C:\Users\Lolo\AppData\Roaming\Zylom
2008-03-22 12:07 --------- d-----w C:\Program Files\DVD-RB PRO
2008-03-20 21:05 --------- d-----w C:\Program Files\Windows Live
2008-03-20 02:19 --------- d-----w C:\ProgramData\NVIDIA
2008-03-20 02:17 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 01:40 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-20 01:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-15 00:52 --------- d-----w C:\Program Files\Custom Technology
2008-03-12 13:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-11 19:37 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 01:41 --------- d-----w C:\Program Files\Ripp-it_AM
2008-03-08 14:34 --------- d-----w C:\Program Files\Micro Application
2008-03-06 17:41 --------- d-----w C:\ProgramData\Lavasoft
2008-03-06 17:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 16:28 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-06 00:52 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-02 02:19 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-01 00:01 --------- d-----w C:\Users\Lolo\AppData\Roaming\DAEMON Tools Pro
2008-02-23 08:51 --------- d-----w C:\Users\Lolo\AppData\Roaming\Wildfire
2008-02-20 20:51 --------- d-----w C:\Program Files\FairUse Wizard 2 Full Edition
2008-02-14 16:04 --------- d-----w C:\Program Files\DivX
2008-02-13 14:03 --------- d-----w C:\Users\Lolo\AppData\Roaming\Camfrog
2008-02-13 02:09 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-10 02:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-10 02:42 13,904,959 ----a-w C:\klcodec375f.exe
2008-02-10 02:35 --------- d-----w C:\Users\Lolo\AppData\Roaming\Uniblue
2008-02-10 02:18 --------- d-----w C:\Users\Lolo\AppData\Roaming\Download Manager
2008-02-10 02:10 36,734 ----a-w C:\Windows\System32\OggDSuninst.exe
2008-02-09 23:56 47,360 ----a-w C:\Users\Lolo\AppData\Roaming\pcouffin.sys
2008-02-09 23:56 --------- d-----w C:\Users\Lolo\AppData\Roaming\Vso
2008-02-09 02:04 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe
2008-02-09 02:04 --------- d-----w C:\Program Files\Gabest
2008-02-09 02:04 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-09 02:04 --------- d-----w C:\Program Files\AutoGK
2008-02-08 23:49 --------- d-----w C:\Program Files\VirtualDJ
2008-02-07 22:05 --------- d-----w C:\Program Files\ESET
2008-02-07 00:41 --------- d-----w C:\Program Files\GV Everest Pokernet
2008-02-07 00:37 --------- d-----w C:\Program Files\Everest Poker
2008-02-04 12:35 --------- d-----w C:\Users\Lolo\AppData\Roaming\dvdcss
2008-02-04 01:26 202,240 ----a-w C:\Windows\System32\ratatouille_screensaver.scr
2008-02-04 00:18 --------- d-----w C:\Program Files\Common Files\Canopus Shared
2008-02-04 00:06 --------- d-----w C:\Users\Lolo\AppData\Roaming\Grass Valley
2008-02-04 00:05 --------- d-----w C:\ProgramData\Grass Valley
2008-02-03 19:10 9,282 ----a-w C:\Windows\System32\Pvt.tmp
2008-02-03 19:10 34,308 ----a-w C:\Windows\System32\Chip.dll
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-26 16:52 47,227,312 ----a-w C:\Lexmark 1290 Vista.exe
2008-01-25 22:52 21,764 ----a-w C:\Windows\System32\CoreAAC-uninstall.exe.vir
2008-01-25 01:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2008-01-24 17:27 1,614 ----a-w C:\Users\Lolo\AppData\Roaming\filterclsid.dat
2008-01-18 22:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-18 22:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-18 22:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-18 22:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-18 22:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-18 22:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-18 22:43 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-18 22:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-18 22:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-18 22:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-18 22:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-18 22:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-18 22:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-18 22:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-18 22:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-18 22:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-18 22:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-18 22:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-18 22:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-18 22:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-18 22:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-18 22:36 99,840 ----a-w C:\Windows\System32\ulib.dll
2008-01-18 22:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-18 22:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-18 22:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-18 22:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-18 22:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-18 22:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-18 22:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-18 22:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-18 22:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-18 22:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-18 22:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-18 22:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-18 22:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2007-02-20 12:52 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
[code]<pre>
----a-w 325,204 2006-12-21 19:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
</pre>/code
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 11:58 213936]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 11:58 213936]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-24 08:06 77824]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-22 21:37 949376]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 11:58 213936]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 16:45 74672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 01:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 01:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 01:05 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpWirelessAssistant"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1897857066-2759574336-2263923183-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72853EFD-30BD-4E06-8425-703415C3B68E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{220BE648-9BC4-4083-83A0-98A30EFE77BB}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E517C793-9D77-4476-9073-BC434F1A2224}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9DB41400-601B-4225-AE87-460A33E11CC3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6CB26672-6B31-452D-B9CA-9C98FB8D3CBA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{23DDEF48-4AA5-4F2E-9576-1932BF79BE30}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{8458CC8D-BF30-4652-9F1D-EB1C29BC2722}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{AD9E0DBF-7721-4D2B-9580-CC27B4BAF9A8}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{EC1DA4BB-01B9-4C86-B67F-91E9C77618C0}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"TCP Query User{B5A370BB-2C23-4F05-8C96-1D1BD4103A93}D:\\jeux\\trackmania united\\tmunited.exe"= UDP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"UDP Query User{DFBF639C-DBC0-4111-9B5C-BBE5C03699CB}D:\\jeux\\trackmania united\\tmunited.exe"= TCP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"TCP Query User{6764DDE2-3A3B-46C3-AC21-87CAA934B206}D:\\jeux\\trackmania united\\tmunited.exe"= UDP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"UDP Query User{AB210022-020B-4C44-9699-8CFDCEE7FC33}D:\\jeux\\trackmania united\\tmunited.exe"= TCP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"TCP Query User{F5292BF5-38F2-4B2F-BF91-9C78B7F27172}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{05D5F671-39EC-4640-8C7F-49F60A55369A}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{9F688DB2-89E4-4F4C-961D-2276D001B8EF}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{3AEFF2CA-4AE3-40E5-8D40-35D3F31F18AD}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{79B02069-80A1-4B16-AC21-5A9D371DB6C0}D:\\jeux\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:D:\jeux\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{D1E3D494-58A9-4505-8A90-8B0F609C43D5}D:\\jeux\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:D:\jeux\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{70BD6710-FC39-4A87-9742-FF5F666D3908}C:\\users\\lolo\\appdata\\local\\temp\\occ.exe"= UDP:C:\users\lolo\appdata\local\temp\occ.exe:occ.exe
"UDP Query User{5CB8F39D-0C4D-43E9-9422-45A49BDB80FE}C:\\users\\lolo\\appdata\\local\\temp\\occ.exe"= TCP:C:\users\lolo\appdata\local\temp\occ.exe:occ.exe
"TCP Query User{B2C17496-55D4-4A04-A53E-D5E4F51A3BFE}D:\\race driver 3\\rd3.exe"= UDP:D:\race driver 3\rd3.exe:RaceDriver 3 Application
"UDP Query User{CB935976-F0B9-4BD1-9C25-A8A9ACB1B887}D:\\race driver 3\\rd3.exe"= TCP:D:\race driver 3\rd3.exe:RaceDriver 3 Application
"TCP Query User{48D1C7EE-DCD2-4170-8E88-E3A28EFE38DC}D:\\jeux\\need for speed underground 2\\speed2.exe"= UDP:D:\jeux\need for speed underground 2\speed2.exe:speed2
"UDP Query User{F6AC4EBC-6DD9-49E7-8589-8639B4886096}D:\\jeux\\need for speed underground 2\\speed2.exe"= TCP:D:\jeux\need for speed underground 2\speed2.exe:speed2
"{3AED6A77-3AB4-4669-B60B-B1E001DD6D1C}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{4CB40EFB-A50B-4BFF-851B-3149DC22FE12}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{24066E41-9C59-4590-AC61-4B124BD38FBB}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{E375C2B2-E078-48F7-A494-321BC6D5825F}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{36149FD5-9B94-48D1-96C8-8A9F057E92F1}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DFA4D09D-78C1-4B20-AFBC-82F69BA6CEC5}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E18FBB1D-2E26-4CE1-A6A5-2837E1893540}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{2D9D6CB1-D5D0-45ED-A9C9-D26B1215BADE}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{7ED7C847-EC45-43A0-A521-771675D52F00}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8CDF0DC6-539F-476F-8CA3-364287AE8782}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{94362A2E-B603-4E6B-ADB9-35868F28BE7B}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{AECC4C16-FA01-4F40-ABE3-B4F844556BD7}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{A488C665-AAF5-4A09-8305-A53A54D0F054}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{F99CCE3B-5BB0-49D8-B804-DFBBBDABAB61}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{4FD19E50-CBED-4113-AB0D-50B5FB9D2EE2}"= C:\Program Files\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{03741388-B074-4DC0-A0C6-A8C71B40C70E}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{087C0B24-A738-4156-8DAC-30DC6DF2800E}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"{B87CA749-1B6C-43F0-83E0-39291B7826BC}"= UDP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"{C306F3A0-F76D-496A-BDC9-B3C26DB824CF}"= TCP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"{C293549C-5256-431A-8009-39D8EDD68697}"= UDP:D:\Jeux\Sega Rally\SEGA Rally.exe:SEGA Rally
"{36CBF181-10E9-4733-95D2-6488D8BFE2CE}"= TCP:D:\Jeux\Sega Rally\SEGA Rally.exe:SEGA Rally
"{1487782C-1723-4876-B12D-46AF2CB3C61E}"= UDP:D:\Jeux\Sega Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{637B940C-F099-46D4-999F-6EA93FB385FE}"= TCP:D:\Jeux\Sega Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{5EC4E0EC-7446-4054-8283-A754ACD258F6}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D04127CE-6F94-4242-8E16-A94F31F9E39B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{01333095-B341-4992-A9D2-48138D70631D}C:\\program files\\colin mc rae dirt\\dirt.exe"= UDP:C:\program files\colin mc rae dirt\dirt.exe:DiRT Executable
"UDP Query User{AABEF87C-8644-4726-B1F7-550364ED9CD8}C:\\program files\\colin mc rae dirt\\dirt.exe"= TCP:C:\program files\colin mc rae dirt\dirt.exe:DiRT Executable
"TCP Query User{0A81F0E7-528E-41FD-B3AA-EB2CE12BBA4E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F597D0C0-4DC9-453F-A91B-8C42973E64A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{CAC9F6EC-9A5F-4FCB-AC79-E633859DC3B0}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{A0DB91F0-4CA7-45C5-BE53-EF1B68759E0B}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{D4218A78-66A0-4B1D-A9BB-D52D77AA9C58}D:\\jeux\\counter-strike source\\hl2.exe"= UDP:D:\jeux\counter-strike source\hl2.exe:hl2
"UDP Query User{AA379E76-D70E-49F5-AB76-31E8AFA7F049}D:\\jeux\\counter-strike source\\hl2.exe"= TCP:D:\jeux\counter-strike source\hl2.exe:hl2
"TCP Query User{009B3D83-471A-4EE2-99DD-68F56DB64B44}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F567359C-56B6-4822-8090-404FB1DFEDCA}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{3B12DC92-D7ED-4685-BE59-C6D1B2BB5C67}C:\\program files\\ip anonymizer\\ip anonymizer.exe"= UDP:C:\program files\ip anonymizer\ip anonymizer.exe:IP Anonymizer
"UDP Query User{A777F77D-2105-43D3-BF0B-E37938CDBA53}C:\\program files\\ip anonymizer\\ip anonymizer.exe"= TCP:C:\program files\ip anonymizer\ip anonymizer.exe:IP Anonymizer
"TCP Query User{6BA67CAB-E47F-4151-85E9-AACEAC5A1DD3}D:\\jeux\\timeshift\\bin\\timeshift.exe"= UDP:D:\jeux\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{E699186E-FC28-45E6-8DF7-DB26E79D7269}D:\\jeux\\timeshift\\bin\\timeshift.exe"= TCP:D:\jeux\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{9F32F731-B115-4D4B-A927-ADD1237B57FF}D:\\jeux\\wsop 2008\\wsopbftb.exe"= UDP:D:\jeux\wsop 2008\wsopbftb.exe:WSOPBFTB
"UDP Query User{95D19295-EC2B-4B53-A44A-46EF771E592E}D:\\jeux\\wsop 2008\\wsopbftb.exe"= TCP:D:\jeux\wsop 2008\wsopbftb.exe:WSOPBFTB
"TCP Query User{6186C069-9CAE-4529-936B-BA012B36F5A5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6C798A3B-7029-4836-BBE2-6BAC392769B4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{EF633D9E-75DB-4124-B206-92AAB6D50A07}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{5572A77E-EE1F-45FC-97DB-96513EC6C10E}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"TCP Query User{EBAAE7DA-6B37-4B97-B8F3-542FD7FA0152}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{942474FE-BB69-454D-86B5-A2B1747E9B58}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{AD7C4758-B804-441F-8D8A-DDDD646FCA6D}"= UDP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{01922C27-5CB7-4423-A249-64CE76B6138F}"= TCP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{E6E31F8A-5F7F-4575-8065-6866D2812E43}"= UDP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{14CA88A2-957B-4419-876D-299C3C8214B2}"= TCP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{1465CABD-CCD6-45AB-A57B-35E6BC924A12}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{6D2970C5-005A-4FE8-BD33-7921A1039FB0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"TCP Query User{18984BD9-9232-4E93-924F-5BBC4A9BD037}C:\\program files\\warez\\warez.exe"= UDP:C:\program files\warez\warez.exe:Warez
"UDP Query User{0A184DFF-8667-4A17-8038-BC0F7BB6D02B}C:\\program files\\warez\\warez.exe"= TCP:C:\program files\warez\warez.exe:Warez
"TCP Query User{94A66FD9-AB7A-49AC-A8D9-0A7FD1AE8DAC}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{F3012F8D-DE4F-4A57-A416-54CCEE315C49}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{56866078-4E35-4AF0-8005-EC6E028D9062}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"TCP Query User{DB25FD8B-4723-4D4A-9F21-4BD2BD2387E2}C:\\program files\\emule hardstyle xs\\emule.exe"= UDP:C:\program files\emule hardstyle xs\emule.exe:eMule
"UDP Query User{73059536-DC7E-4647-80E4-A3C6AEE600E5}C:\\program files\\emule hardstyle xs\\emule.exe"= TCP:C:\program files\emule hardstyle xs\emule.exe:eMule
"{01B03A99-5322-40CC-8B17-93A745EE1EEC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB8FBF3C-AF4D-49E2-99E0-A070C1C27011}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{19F41D87-5416-442E-AC08-20EE75904277}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\PowerDVD\[u]0/u00.fcl [2006-11-02 16:51]
R2 eID CRL Service;eID CRL Service;C:\Windows\system32\beidservicecrl.exe [2006-06-20 13:38]
R2 lxcz_device;lxcz_device;C:\Windows\system32\lxczcoms.exe [2007-04-19 16:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 23:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 23:31]
S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 14:35]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 eID Privacy Service;eID Privacy Service;C:\Windows\system32\beidservicepcsc.exe [2006-06-21 09:47]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-01-14 02:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-28 20:21:09 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-01 19:18:25 C:\Windows\Tasks\User_Feed_Synchronization-{BEF72AAC-735F-47EE-8E3F-4BD6E692961A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 21:07:21
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 21:08:02
ComboFix-quarantined-files.txt 2008-04-02 19:07:59
Pre-Run: 26,544,562,176 octets libres
Post-Run: 26,507,583,488 octets libres
.
2008-03-26 00:18:33 --- E O F ---
ComboFix 08-04-01.2 - Lolo 2008-04-02 21:03:20.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.980 [GMT 2:00]
Endroit: C:\Users\Lolo\Desktop\KillBagle.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
TimedOut: progfile.dat
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\101.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\102.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\103.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\104.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\105.gif
C:\Users\Lolo\AppData\Local\Microsoft\Windows\Temporary Internet Files\106.gif
C:\Users\Lolo\AppData\Roaming\inst.exe
C:\Windows\system32\~.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:34 . 2008-04-02 18:36 <REP> d-------- C:\Program Files\RegCleaner
2008-04-02 18:32 . 2008-04-02 18:32 553,687 --a------ C:\regcleaner_regcleaner_4.3.0.780_francais_10573.exe
2008-04-02 03:26 . 2008-04-02 03:26 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Convivea
2008-04-02 01:38 . 2008-04-02 19:42 <REP> d-------- C:\Program Files\Navilog1
2008-03-28 21:02 . 2008-04-01 17:54 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-28 21:02 . 2008-03-28 21:02 1,409 --a------ C:\Windows\QTFont.for
2008-03-27 22:09 . 2008-03-27 22:09 <REP> d-------- C:\Program Files\Clean Virus MSN
2008-03-24 03:39 . 2008-03-24 03:39 <REP> d-------- C:\Users\Lolo\AppData\Roaming\GameHouse
2008-03-24 03:37 . 2008-03-24 03:37 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Magic Academy
2008-03-24 03:35 . 2008-03-24 03:35 <REP> d-------- C:\Program Files\BFG
2008-03-24 03:33 . 2008-03-24 03:33 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Mysteryville2
2008-03-24 03:23 . 2008-03-24 03:23 <REP> d-------- C:\Program Files\ReflexiveArcade
2008-03-24 03:16 . 2008-03-24 03:16 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Sandlot Games
2008-03-24 03:15 . 2008-03-24 03:15 <REP> d-------- C:\Users\All Users\Trymedia
2008-03-24 03:15 . 2008-03-24 03:15 <REP> d-------- C:\ProgramData\Trymedia
2008-03-24 03:14 . 2008-03-27 00:05 9,216 --a------ C:\Windows\System32\host.db
2008-03-24 03:14 . 2008-03-24 03:14 1,426 --a------ C:\Windows\System32\host5.zip
2008-03-23 13:32 . 2008-03-23 13:32 <REP> d-------- C:\Users\All Users\NannyMania
2008-03-23 13:32 . 2008-03-23 13:32 <REP> d-------- C:\ProgramData\NannyMania
2008-03-22 12:27 . 2008-03-22 12:27 <REP> d-------- C:\Users\Lolo\AppData\Roaming\GAMEON
2008-03-22 02:07 . 2008-03-22 02:11 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Off Road
2008-03-21 18:27 . 2008-03-21 18:27 <REP> d-------- C:\Program Files\DVD Shrink
2008-03-20 03:28 . 2008-03-20 02:52 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-03-20 03:28 . 2008-03-20 02:52 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-03-20 03:05 . 2008-01-19 00:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-03-20 03:05 . 2008-01-19 00:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-03-20 03:04 . 2008-01-19 00:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-03-20 03:03 . 2008-01-19 00:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-03-20 03:03 . 2008-01-19 00:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-03-20 03:00 . 2008-01-19 00:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-03-20 02:58 . 2008-01-19 00:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-03-20 02:54 . 2008-01-19 00:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-03-20 02:52 . 2008-03-20 03:33 196,608 --a------ C:\Windows\SPInstall.etl
2008-03-19 11:45 . 2008-03-21 02:10 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-03-19 11:45 . 2008-03-21 02:10 <REP> d-------- C:\ProgramData\DVD Shrink
2008-03-19 09:07 . 2008-03-19 09:07 <REP> d-------- C:\Users\All Users\Awem
2008-03-19 09:07 . 2008-03-19 09:07 <REP> d-------- C:\ProgramData\Awem
2008-03-19 03:50 . 2008-04-02 03:28 <REP> d-------- C:\Program Files\Bit Che
2008-03-18 03:53 . 2008-03-24 15:02 <REP> d-------- C:\Program Files\SpeedFan
2008-03-18 03:52 . 2008-03-18 03:53 45 --a------ C:\Windows\System32\initdebug.nfo
2008-03-16 11:06 . 2008-03-24 12:13 <REP> d-------- C:\Users\All Users\PlayFirst
2008-03-16 11:06 . 2008-03-24 12:13 <REP> d-------- C:\ProgramData\PlayFirst
2008-03-15 11:40 . 2008-03-15 11:59 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Pirateville
2008-03-15 00:49 . 2008-03-15 00:49 1,817,491 --a------ C:\Columbo Saison 10 & 11.jpg
2008-03-15 00:48 . 2008-03-15 00:48 1,603,187 --a------ C:\Columbo Saison 6 & 7.jpg
2008-03-15 00:48 . 2008-03-15 00:48 1,501,361 --a------ C:\Columbo Saison 8 & 9.jpg
2008-03-15 00:47 . 2008-03-15 00:47 1,780,936 --a------ C:\Columbo Saison 5.jpg
2008-03-14 17:21 . 2008-03-14 17:21 10,284 --a------ C:\Pour le respect des autres locataires.docx
2008-03-14 08:51 . 2008-03-24 12:13 <REP> d-------- C:\Users\Lolo\AppData\Roaming\PlayFirst
2008-03-13 09:04 . 2008-03-13 09:04 <REP> d-------- C:\Users\All Users\MythPeople
2008-03-13 09:04 . 2008-03-13 09:04 <REP> d-------- C:\ProgramData\MythPeople
2008-03-10 23:39 . 2008-02-24 19:18 936,953 --a------ C:\Columbo Saison 1.jpg
2008-03-10 23:32 . 2008-03-13 18:26 4,521,919 --a------ C:\Columbo Saison 3.jpg
2008-03-10 23:32 . 2008-03-10 23:32 1,519,545 --a------ C:\Columbo Saison 4.jpg
2008-03-10 20:49 . 2008-03-10 20:49 <REP> d-------- C:\Users\Lolo\AppData\Roaming\My Games
2008-03-10 08:57 . 2008-03-10 08:57 <REP> d-------- C:\Users\All Users\HipSoft
2008-03-10 08:57 . 2008-03-10 08:57 <REP> d-------- C:\ProgramData\HipSoft
2008-03-09 17:07 . 2008-03-09 17:07 <REP> d-------- C:\Users\All Users\Sandlot Games
2008-03-09 17:07 . 2008-03-09 17:07 <REP> d-------- C:\ProgramData\Sandlot Games
2008-03-08 19:43 . 2008-03-08 19:43 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Fuzzy Games
2008-03-08 16:35 . 2008-03-08 16:35 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Serif
2008-03-08 12:06 . 2008-03-08 12:06 <REP> d-------- C:\Users\All Users\Farm Frenzy
2008-03-08 12:06 . 2008-03-08 12:06 <REP> d-------- C:\ProgramData\Farm Frenzy
2008-03-07 16:03 . 2008-03-07 16:03 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Micro Application
2008-03-06 19:41 . 2008-03-06 19:41 <REP> d-------- C:\Program Files\Lavasoft
2008-03-06 19:28 . 2008-03-10 23:42 7,912,465 --a------ C:\Columbo Saison 2.jpg
2008-03-06 18:32 . 2008-03-06 18:32 <REP> d-------- C:\Program Files\Alcohol Soft
2008-03-06 02:52 . 2008-03-06 02:52 <REP> d-------- C:\Windows\MVUNINST
2008-03-06 02:52 . 1996-08-24 12:11 289,552 --a------ C:\Windows\System32\temp.003
2008-03-06 02:52 . 1993-10-14 18:51 28,672 --a------ C:\Windows\System32\temp.002
2008-03-04 02:06 . 2008-03-04 02:06 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-03 06:40 . 2008-03-03 06:40 599,552 --a------ C:\Windows\System32\CnxtAp32.dll
2008-03-03 05:10 . 2008-03-03 05:10 182,272 --a------ C:\Windows\System32\drivers\CHDRT32.sys
2008-03-02 14:55 . 2008-03-02 14:55 <REP> d-------- C:\Program Files\StuffPlug3
2008-03-02 14:41 . 2008-03-02 14:41 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-03-02 04:00 . 2008-03-02 04:00 <REP> d-------- C:\Users\Lolo\AppData\Roaming\Droppix
2008-03-02 04:00 . 2004-06-05 20:33 139,264 --a------ C:\Windows\System32\RLAPEDec.ax
2008-03-02 04:00 . 2004-04-27 17:05 98,304 --a------ C:\Windows\System32\RLMPCDec.ax
2008-03-02 03:59 . 2008-03-02 04:01 <REP> d-------- C:\Users\All Users\Droppix
2008-03-02 03:59 . 2008-03-02 04:01 <REP> d-------- C:\ProgramData\Droppix
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:59 --------- d-----w C:\Users\Lolo\AppData\Roaming\utorrent
2008-04-02 18:56 41,520 ----a-w C:\Users\Lolo\AppData\Roaming\nvModes.dat
2008-04-02 14:06 --------- d---a-w C:\ProgramData\TEMP
2008-04-02 01:00 --------- d-----w C:\Users\Lolo\AppData\Roaming\DMCache
2008-04-02 00:16 --------- d-----w C:\ProgramData\WLInstaller
2008-04-01 14:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 16:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 02:01 --------- d-----w C:\Program Files\Zylom Games
2008-03-31 01:56 --------- d-----w C:\Users\Lolo\AppData\Roaming\Zylom
2008-03-22 12:07 --------- d-----w C:\Program Files\DVD-RB PRO
2008-03-20 21:05 --------- d-----w C:\Program Files\Windows Live
2008-03-20 02:19 --------- d-----w C:\ProgramData\NVIDIA
2008-03-20 02:17 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 02:05 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 01:40 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-20 01:39 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-15 00:52 --------- d-----w C:\Program Files\Custom Technology
2008-03-12 13:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-11 19:37 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 01:41 --------- d-----w C:\Program Files\Ripp-it_AM
2008-03-08 14:34 --------- d-----w C:\Program Files\Micro Application
2008-03-06 17:41 --------- d-----w C:\ProgramData\Lavasoft
2008-03-06 17:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 16:28 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-06 00:52 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-02 02:19 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-01 00:01 --------- d-----w C:\Users\Lolo\AppData\Roaming\DAEMON Tools Pro
2008-02-23 08:51 --------- d-----w C:\Users\Lolo\AppData\Roaming\Wildfire
2008-02-20 20:51 --------- d-----w C:\Program Files\FairUse Wizard 2 Full Edition
2008-02-14 16:04 --------- d-----w C:\Program Files\DivX
2008-02-13 14:03 --------- d-----w C:\Users\Lolo\AppData\Roaming\Camfrog
2008-02-13 02:09 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-10 02:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-10 02:42 13,904,959 ----a-w C:\klcodec375f.exe
2008-02-10 02:35 --------- d-----w C:\Users\Lolo\AppData\Roaming\Uniblue
2008-02-10 02:18 --------- d-----w C:\Users\Lolo\AppData\Roaming\Download Manager
2008-02-10 02:10 36,734 ----a-w C:\Windows\System32\OggDSuninst.exe
2008-02-09 23:56 47,360 ----a-w C:\Users\Lolo\AppData\Roaming\pcouffin.sys
2008-02-09 23:56 --------- d-----w C:\Users\Lolo\AppData\Roaming\Vso
2008-02-09 02:04 43,698 ----a-w C:\Windows\System32\xvid-uninstall.exe
2008-02-09 02:04 --------- d-----w C:\Program Files\Gabest
2008-02-09 02:04 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-09 02:04 --------- d-----w C:\Program Files\AutoGK
2008-02-08 23:49 --------- d-----w C:\Program Files\VirtualDJ
2008-02-07 22:05 --------- d-----w C:\Program Files\ESET
2008-02-07 00:41 --------- d-----w C:\Program Files\GV Everest Pokernet
2008-02-07 00:37 --------- d-----w C:\Program Files\Everest Poker
2008-02-04 12:35 --------- d-----w C:\Users\Lolo\AppData\Roaming\dvdcss
2008-02-04 01:26 202,240 ----a-w C:\Windows\System32\ratatouille_screensaver.scr
2008-02-04 00:18 --------- d-----w C:\Program Files\Common Files\Canopus Shared
2008-02-04 00:06 --------- d-----w C:\Users\Lolo\AppData\Roaming\Grass Valley
2008-02-04 00:05 --------- d-----w C:\ProgramData\Grass Valley
2008-02-03 19:10 9,282 ----a-w C:\Windows\System32\Pvt.tmp
2008-02-03 19:10 34,308 ----a-w C:\Windows\System32\Chip.dll
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-26 16:52 47,227,312 ----a-w C:\Lexmark 1290 Vista.exe
2008-01-25 22:52 21,764 ----a-w C:\Windows\System32\CoreAAC-uninstall.exe.vir
2008-01-25 01:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2008-01-24 17:27 1,614 ----a-w C:\Users\Lolo\AppData\Roaming\filterclsid.dat
2008-01-18 22:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-18 22:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-18 22:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-18 22:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-18 22:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-18 22:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-18 22:43 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-18 22:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-18 22:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-18 22:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-18 22:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-18 22:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-18 22:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-18 22:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-18 22:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-18 22:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-18 22:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-18 22:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-18 22:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-18 22:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-18 22:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-18 22:36 99,840 ----a-w C:\Windows\System32\ulib.dll
2008-01-18 22:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-18 22:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-18 22:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-18 22:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-18 22:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-18 22:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-18 22:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-18 22:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-18 22:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-18 22:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-18 22:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-18 22:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-18 22:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2007-02-20 12:52 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
[code]<pre>
----a-w 325,204 2006-12-21 19:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
</pre>/code
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 11:58 213936]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 17:58 217544]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 11:58 213936]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 10:56 317152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-24 08:06 77824]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-22 21:37 949376]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 11:58 213936]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 16:45 74672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 01:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 01:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 01:05 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpWirelessAssistant"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1897857066-2759574336-2263923183-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{72853EFD-30BD-4E06-8425-703415C3B68E}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{220BE648-9BC4-4083-83A0-98A30EFE77BB}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E517C793-9D77-4476-9073-BC434F1A2224}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9DB41400-601B-4225-AE87-460A33E11CC3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6CB26672-6B31-452D-B9CA-9C98FB8D3CBA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{23DDEF48-4AA5-4F2E-9576-1932BF79BE30}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{8458CC8D-BF30-4652-9F1D-EB1C29BC2722}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{AD9E0DBF-7721-4D2B-9580-CC27B4BAF9A8}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{EC1DA4BB-01B9-4C86-B67F-91E9C77618C0}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"TCP Query User{B5A370BB-2C23-4F05-8C96-1D1BD4103A93}D:\\jeux\\trackmania united\\tmunited.exe"= UDP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"UDP Query User{DFBF639C-DBC0-4111-9B5C-BBE5C03699CB}D:\\jeux\\trackmania united\\tmunited.exe"= TCP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"TCP Query User{6764DDE2-3A3B-46C3-AC21-87CAA934B206}D:\\jeux\\trackmania united\\tmunited.exe"= UDP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"UDP Query User{AB210022-020B-4C44-9699-8CFDCEE7FC33}D:\\jeux\\trackmania united\\tmunited.exe"= TCP:D:\jeux\trackmania united\tmunited.exe:TmUnited
"TCP Query User{F5292BF5-38F2-4B2F-BF91-9C78B7F27172}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{05D5F671-39EC-4640-8C7F-49F60A55369A}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{9F688DB2-89E4-4F4C-961D-2276D001B8EF}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= UDP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{3AEFF2CA-4AE3-40E5-8D40-35D3F31F18AD}D:\\jeux\\test drive unlimited\\testdriveunlimited.exe"= TCP:D:\jeux\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{79B02069-80A1-4B16-AC21-5A9D371DB6C0}D:\\jeux\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= UDP:D:\jeux\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"UDP Query User{D1E3D494-58A9-4505-8A90-8B0F609C43D5}D:\\jeux\\tom clancy's rainbow six vegas\\binaries\\r6vegas_game.exe"= TCP:D:\jeux\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe:R6Vegas_Game
"TCP Query User{70BD6710-FC39-4A87-9742-FF5F666D3908}C:\\users\\lolo\\appdata\\local\\temp\\occ.exe"= UDP:C:\users\lolo\appdata\local\temp\occ.exe:occ.exe
"UDP Query User{5CB8F39D-0C4D-43E9-9422-45A49BDB80FE}C:\\users\\lolo\\appdata\\local\\temp\\occ.exe"= TCP:C:\users\lolo\appdata\local\temp\occ.exe:occ.exe
"TCP Query User{B2C17496-55D4-4A04-A53E-D5E4F51A3BFE}D:\\race driver 3\\rd3.exe"= UDP:D:\race driver 3\rd3.exe:RaceDriver 3 Application
"UDP Query User{CB935976-F0B9-4BD1-9C25-A8A9ACB1B887}D:\\race driver 3\\rd3.exe"= TCP:D:\race driver 3\rd3.exe:RaceDriver 3 Application
"TCP Query User{48D1C7EE-DCD2-4170-8E88-E3A28EFE38DC}D:\\jeux\\need for speed underground 2\\speed2.exe"= UDP:D:\jeux\need for speed underground 2\speed2.exe:speed2
"UDP Query User{F6AC4EBC-6DD9-49E7-8589-8639B4886096}D:\\jeux\\need for speed underground 2\\speed2.exe"= TCP:D:\jeux\need for speed underground 2\speed2.exe:speed2
"{3AED6A77-3AB4-4669-B60B-B1E001DD6D1C}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{4CB40EFB-A50B-4BFF-851B-3149DC22FE12}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{24066E41-9C59-4590-AC61-4B124BD38FBB}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{E375C2B2-E078-48F7-A494-321BC6D5825F}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{36149FD5-9B94-48D1-96C8-8A9F057E92F1}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{DFA4D09D-78C1-4B20-AFBC-82F69BA6CEC5}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E18FBB1D-2E26-4CE1-A6A5-2837E1893540}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{2D9D6CB1-D5D0-45ED-A9C9-D26B1215BADE}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{7ED7C847-EC45-43A0-A521-771675D52F00}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{8CDF0DC6-539F-476F-8CA3-364287AE8782}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{94362A2E-B603-4E6B-ADB9-35868F28BE7B}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{AECC4C16-FA01-4F40-ABE3-B4F844556BD7}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{A488C665-AAF5-4A09-8305-A53A54D0F054}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{F99CCE3B-5BB0-49D8-B804-DFBBBDABAB61}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{4FD19E50-CBED-4113-AB0D-50B5FB9D2EE2}"= C:\Program Files\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{03741388-B074-4DC0-A0C6-A8C71B40C70E}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{087C0B24-A738-4156-8DAC-30DC6DF2800E}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"{B87CA749-1B6C-43F0-83E0-39291B7826BC}"= UDP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"{C306F3A0-F76D-496A-BDC9-B3C26DB824CF}"= TCP:C:\Program Files\Internet Explorer\iexplore.exe:Internet Explorer
"{C293549C-5256-431A-8009-39D8EDD68697}"= UDP:D:\Jeux\Sega Rally\SEGA Rally.exe:SEGA Rally
"{36CBF181-10E9-4733-95D2-6488D8BFE2CE}"= TCP:D:\Jeux\Sega Rally\SEGA Rally.exe:SEGA Rally
"{1487782C-1723-4876-B12D-46AF2CB3C61E}"= UDP:D:\Jeux\Sega Rally\SEGA Rally_SSE1.exe:SEGA Rally
"{637B940C-F099-46D4-999F-6EA93FB385FE}"= TCP:D:\Jeux\Sega Rally\SEGA Rally_SSE1.exe:SEGA Rally
"TCP Query User{5EC4E0EC-7446-4054-8283-A754ACD258F6}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D04127CE-6F94-4242-8E16-A94F31F9E39B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{01333095-B341-4992-A9D2-48138D70631D}C:\\program files\\colin mc rae dirt\\dirt.exe"= UDP:C:\program files\colin mc rae dirt\dirt.exe:DiRT Executable
"UDP Query User{AABEF87C-8644-4726-B1F7-550364ED9CD8}C:\\program files\\colin mc rae dirt\\dirt.exe"= TCP:C:\program files\colin mc rae dirt\dirt.exe:DiRT Executable
"TCP Query User{0A81F0E7-528E-41FD-B3AA-EB2CE12BBA4E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F597D0C0-4DC9-453F-A91B-8C42973E64A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{CAC9F6EC-9A5F-4FCB-AC79-E633859DC3B0}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{A0DB91F0-4CA7-45C5-BE53-EF1B68759E0B}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{D4218A78-66A0-4B1D-A9BB-D52D77AA9C58}D:\\jeux\\counter-strike source\\hl2.exe"= UDP:D:\jeux\counter-strike source\hl2.exe:hl2
"UDP Query User{AA379E76-D70E-49F5-AB76-31E8AFA7F049}D:\\jeux\\counter-strike source\\hl2.exe"= TCP:D:\jeux\counter-strike source\hl2.exe:hl2
"TCP Query User{009B3D83-471A-4EE2-99DD-68F56DB64B44}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F567359C-56B6-4822-8090-404FB1DFEDCA}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{3B12DC92-D7ED-4685-BE59-C6D1B2BB5C67}C:\\program files\\ip anonymizer\\ip anonymizer.exe"= UDP:C:\program files\ip anonymizer\ip anonymizer.exe:IP Anonymizer
"UDP Query User{A777F77D-2105-43D3-BF0B-E37938CDBA53}C:\\program files\\ip anonymizer\\ip anonymizer.exe"= TCP:C:\program files\ip anonymizer\ip anonymizer.exe:IP Anonymizer
"TCP Query User{6BA67CAB-E47F-4151-85E9-AACEAC5A1DD3}D:\\jeux\\timeshift\\bin\\timeshift.exe"= UDP:D:\jeux\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{E699186E-FC28-45E6-8DF7-DB26E79D7269}D:\\jeux\\timeshift\\bin\\timeshift.exe"= TCP:D:\jeux\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{9F32F731-B115-4D4B-A927-ADD1237B57FF}D:\\jeux\\wsop 2008\\wsopbftb.exe"= UDP:D:\jeux\wsop 2008\wsopbftb.exe:WSOPBFTB
"UDP Query User{95D19295-EC2B-4B53-A44A-46EF771E592E}D:\\jeux\\wsop 2008\\wsopbftb.exe"= TCP:D:\jeux\wsop 2008\wsopbftb.exe:WSOPBFTB
"TCP Query User{6186C069-9CAE-4529-936B-BA012B36F5A5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6C798A3B-7029-4836-BBE2-6BAC392769B4}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{EF633D9E-75DB-4124-B206-92AAB6D50A07}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{5572A77E-EE1F-45FC-97DB-96513EC6C10E}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"TCP Query User{EBAAE7DA-6B37-4B97-B8F3-542FD7FA0152}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{942474FE-BB69-454D-86B5-A2B1747E9B58}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{AD7C4758-B804-441F-8D8A-DDDD646FCA6D}"= UDP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{01922C27-5CB7-4423-A249-64CE76B6138F}"= TCP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{E6E31F8A-5F7F-4575-8065-6866D2812E43}"= UDP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{14CA88A2-957B-4419-876D-299C3C8214B2}"= TCP:C:\Windows\System32\lxczcoms.exe:Lexmark Communications System
"{1465CABD-CCD6-45AB-A57B-35E6BC924A12}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{6D2970C5-005A-4FE8-BD33-7921A1039FB0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"TCP Query User{18984BD9-9232-4E93-924F-5BBC4A9BD037}C:\\program files\\warez\\warez.exe"= UDP:C:\program files\warez\warez.exe:Warez
"UDP Query User{0A184DFF-8667-4A17-8038-BC0F7BB6D02B}C:\\program files\\warez\\warez.exe"= TCP:C:\program files\warez\warez.exe:Warez
"TCP Query User{94A66FD9-AB7A-49AC-A8D9-0A7FD1AE8DAC}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{F3012F8D-DE4F-4A57-A416-54CCEE315C49}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{56866078-4E35-4AF0-8005-EC6E028D9062}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"TCP Query User{DB25FD8B-4723-4D4A-9F21-4BD2BD2387E2}C:\\program files\\emule hardstyle xs\\emule.exe"= UDP:C:\program files\emule hardstyle xs\emule.exe:eMule
"UDP Query User{73059536-DC7E-4647-80E4-A3C6AEE600E5}C:\\program files\\emule hardstyle xs\\emule.exe"= TCP:C:\program files\emule hardstyle xs\emule.exe:eMule
"{01B03A99-5322-40CC-8B17-93A745EE1EEC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB8FBF3C-AF4D-49E2-99E0-A070C1C27011}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{19F41D87-5416-442E-AC08-20EE75904277}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\PowerDVD\[u]0/u00.fcl [2006-11-02 16:51]
R2 eID CRL Service;eID CRL Service;C:\Windows\system32\beidservicecrl.exe [2006-06-20 13:38]
R2 lxcz_device;lxcz_device;C:\Windows\system32\lxczcoms.exe [2007-04-19 16:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 23:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 23:31]
S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 14:35]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
S3 eID Privacy Service;eID Privacy Service;C:\Windows\system32\beidservicepcsc.exe [2006-06-21 09:47]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-01-14 02:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-28 20:21:09 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-04-01 19:18:25 C:\Windows\Tasks\User_Feed_Synchronization-{BEF72AAC-735F-47EE-8E3F-4BD6E692961A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 21:07:21
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 21:08:02
ComboFix-quarantined-files.txt 2008-04-02 19:07:59
Pre-Run: 26,544,562,176 octets libres
Post-Run: 26,507,583,488 octets libres
.
2008-03-26 00:18:33 --- E O F ---
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."k
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."k
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Et voici le rapport de Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:32, on 2/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://timon-dlp.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-be.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:32, on 2/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://timon-dlp.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-be.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
ok
c'est pas finit tu es détourné quand tu surf
telecharge et lance rhost
http://siri.urz.free.fr/RHosts.php
puis recolle moi un hijackhtis
c'est pas finit tu es détourné quand tu surf
telecharge et lance rhost
http://siri.urz.free.fr/RHosts.php
puis recolle moi un hijackhtis
essaye de desactiver le compte utilisateur avant
sinon
# télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip
# Dézipper le dossier sur le bureau.
# Lancer Hoster et cliquer sur Restore Microsoft's Hosts File
sinon
# télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip
# Dézipper le dossier sur le bureau.
# Lancer Hoster et cliquer sur Restore Microsoft's Hosts File
Voici le rapport apres avoir restaurer avec HostsXpert :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:37, on 2/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\eden.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://timon-dlp.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-be.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:37, on 2/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\eden.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://timon-dlp.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-be.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eID CRL Service - Zetes - C:\Windows\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\Windows\system32\beidservicepcsc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
ok le rapport est clean
par sureté:
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
scan en ligne firefox
https://www.trendmicro.com/fr_fr/business.html
par sureté:
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
scan en ligne firefox
https://www.trendmicro.com/fr_fr/business.html
Je fais une analyse avec Bit Defender en ligne mais ca risque de prendre un peu de temps ;)
Je post le rapport une fois terminer.
Je post le rapport une fois terminer.
Ok mais je viens de voir que j'ai encore des fenetres publicitaires qui s'ouvre et mon fond d'ecran qui est tout noir.
Est-ce normal?
Est-ce normal?
non pas normal? c'est depuis quand? depuis combofix???
______________
smit fraud fix (colle le rapport)
1/ telecharger :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.
______________
smit fraud fix (colle le rapport)
1/ telecharger :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes.
SmitFraudFix v2.309
Scan done at 21:46:55,18, mer. 02/04/2008
Run from C:\Users\Lolo\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\beidservicecrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\MsPMSPSv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lolo
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lolo\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lolo\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection #2
DNS Server Search Order: 212.68.193.110
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{252C82CB-31D7-4F3B-9711-0793C85412B6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BCB9D9D-71DF-489C-83C0-19299FEBC6A6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{252C82CB-31D7-4F3B-9711-0793C85412B6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BCB9D9D-71DF-489C-83C0-19299FEBC6A6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{252C82CB-31D7-4F3B-9711-0793C85412B6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5BCB9D9D-71DF-489C-83C0-19299FEBC6A6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Scan done at 21:46:55,18, mer. 02/04/2008
Run from C:\Users\Lolo\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\beidservicecrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\system32\lxczcoms.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\MsPMSPSv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lolo
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lolo\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lolo\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection #2
DNS Server Search Order: 212.68.193.110
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{252C82CB-31D7-4F3B-9711-0793C85412B6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BCB9D9D-71DF-489C-83C0-19299FEBC6A6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{252C82CB-31D7-4F3B-9711-0793C85412B6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BCB9D9D-71DF-489C-83C0-19299FEBC6A6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{252C82CB-31D7-4F3B-9711-0793C85412B6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5BCB9D9D-71DF-489C-83C0-19299FEBC6A6}: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ok combofix a viré des images , essaye des remettre une nouvelle image en fond d'ecran et dis si ca persiste
tu vire combofix et smitfraudfix de ton ordi
puis
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
scan en ligne firefox
https://www.trendmicro.com/fr_fr/business.html
puis
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
secuser en ligne :
http://www.secuser.com/outils/antivirus.htm
scan en ligne firefox
https://www.trendmicro.com/fr_fr/business.html
