Incomprehension
Fermé
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
-
16 avril 2008 à 02:50
jean_louis_57 Messages postés 1353 Date d'inscription dimanche 13 avril 2008 Statut Membre Dernière intervention 12 février 2020 - 15 mai 2008 à 19:00
jean_louis_57 Messages postés 1353 Date d'inscription dimanche 13 avril 2008 Statut Membre Dernière intervention 12 février 2020 - 15 mai 2008 à 19:00
A voir également:
- Incomprehension
- Incompréhension !!! , Mémoire saturée pour rien, besoin d'aide ✓ - Forum Windows 8 / 8.1
- Incompréhension de la fin d'Another Earth - Forum Cinéma / Télé
- Incompréhension de la fin de "jeux d'enfants" - Forum Cinéma / Télé
- Incomprehension sur des attributs "protected" des classes ✓ - Forum Java
42 réponses
jean_louis_57
Messages postés
1353
Date d'inscription
dimanche 13 avril 2008
Statut
Membre
Dernière intervention
12 février 2020
81
19 avril 2008 à 07:49
19 avril 2008 à 07:49
bonjour
marie déja la!!!
marie déja la!!!
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
20 avril 2008 à 03:18
20 avril 2008 à 03:18
bizar l'option afficher n'apparait pas
j'ai cherché partout niete
j'ai cherché partout niete
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
21 avril 2008 à 00:41
21 avril 2008 à 00:41
je vais essayer combofix quand meme
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
22 avril 2008 à 17:09
22 avril 2008 à 17:09
voila le log de combofix
ComboFix 08-04-17.1 - Nimrod 2008-04-22 4:04:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.666 [GMT 2:00]
Endroit: C:\Documents and Settings\Nimrod\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\OnlineHelpmate
C:\Documents and Settings\All Users\Application Data\OnlineHelpmate\Abbr
C:\Documents and Settings\All Users\Application Data\OnlineHelpmate\ProdCode
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\Nimrod\Application Data\storageprotector
C:\Documents and Settings\Nimrod\Application Data\storageprotector\Logs\update.log
C:\Documents and Settings\Nimrod\Application Data\urlredir.cfg
C:\Program Files\Dcads Advanced Toolbar
C:\Program Files\Fichiers communs\OnlineHelpmate
C:\Program Files\Fichiers communs\OnlineHelpmate\mc.exe
C:\Program Files\Fichiers communs\StorageProtector
C:\Program Files\OnlineHelpmate
C:\Program Files\OnlineHelpmate\secure_del.dll
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\Website.url
C:\Program Files\WinAble
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1334000.exe
C:\WINDOWS\system32\drivers\downld\747484.exe
C:\WINDOWS\system32\drivers\downld\750093.exe
C:\WINDOWS\system32\drivers\downld\767062.exe
C:\WINDOWS\system32\drivers\downld\773796.exe
C:\WINDOWS\system32\drivers\downld\774640.exe
C:\WINDOWS\system32\drivers\downld\798812.exe
C:\WINDOWS\system32\drivers\downld\851953.exe
C:\WINDOWS\system32\drivers\downld\867656.exe
C:\WINDOWS\system32\drivers\downld\871437.exe
C:\WINDOWS\system32\drivers\downld\951093.exe
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DOMAINSERVICE
-------\Legacy_ROSA
-------\Legacy_SROSA
-------\Service_DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:47 . 2008-04-18 19:48 <REP> d-------- C:\HijackThis
2008-04-18 19:46 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-04-18 00:59 . 2008-04-18 00:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 00:59 . 2008-04-18 00:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:53 . 2008-04-16 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ipswitch
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-16 14:52 . 2008-04-16 14:54 <REP> d---s---- C:\Documents and Settings\Administrateur\Favoris
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-16 14:50 . 2008-04-18 01:48 437 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-16 14:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 14:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 14:40 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 14:40 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 14:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 14:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 14:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 14:40 . 2008-04-18 03:12 3,604 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:38 . 2008-04-16 14:38 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-16 02:36 . 2008-04-16 03:37 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-16 02:35 . 2008-04-16 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 02:31 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-16 02:31 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-16 02:31 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-16 02:31 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-16 02:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-16 02:31 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-16 02:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-16 02:31 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-16 02:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\Yahoo!
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\ma-config.com
2008-04-14 20:13 . 2008-04-15 23:00 <REP> d-------- C:\Program Files\DVDFab Platinum
2008-04-14 20:11 . 2008-04-14 20:18 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-04-14 20:11 . 2008-04-14 20:12 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2008-04-14 20:11 . 2008-04-14 20:11 <REP> d-------- C:\Program Files\MKVToolnix
2008-04-14 20:10 . 2008-04-14 20:10 <REP> d-------- C:\Program Files\RIAM Video Enhancer
2008-04-14 19:12 . 2008-04-14 20:03 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-04-14 19:12 . 2003-05-22 13:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-04-14 19:12 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-14 19:12 . 2003-05-22 13:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-04-14 19:12 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-14 19:12 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-14 19:12 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-04-14 19:12 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-14 19:12 . 2008-04-14 19:12 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-14 19:12 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-13 19:17 . 2008-04-14 19:09 <REP> d-------- C:\Program Files\Free Video Converter
2008-04-03 01:30 . 2008-04-03 01:30 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\vlc
2008-04-03 01:27 . 2008-04-03 01:27 <REP> d-------- C:\Program Files\VideoLAN
2008-04-02 12:38 . 2008-04-08 22:10 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\MozillaControl
2008-04-02 12:37 . 2008-04-02 12:37 <REP> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-04-02 12:15 . 2008-04-02 12:15 <REP> d-------- C:\Program Files\NuxBox
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 01:59 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Free Download Manager
2008-04-18 13:37 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 12:32 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-17 23:22 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Corel
2008-04-17 02:23 --------- d-----r C:\Program Files\eMule
2008-04-15 23:33 --------- d-----w C:\Program Files\Free Download Manager
2008-04-15 23:16 102,400 ----a-w C:\WINDOWS\DUMP36de.tmp
2008-04-15 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 21:00 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-15 16:52 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\LimeWire
2008-04-14 18:07 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\My Games
2008-03-19 09:34 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\U3
2008-03-18 21:17 --------- d-----w C:\Program Files\MECAFLUX
2008-03-09 14:56 --------- d-----w C:\Program Files\EA GAMES
2008-03-07 22:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-07 20:03 --------- d-----w C:\Program Files\THQ
2008-03-07 20:02 --------- d-----w C:\Program Files\Nvu
2008-03-07 20:02 --------- d-----w C:\Program Files\Navman
2008-03-07 20:02 --------- d-----w C:\Program Files\Anno 1701
2008-03-07 20:02 --------- d-----w C:\Program Files\AIM6
2008-03-07 20:02 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\acccore
2008-03-07 20:01 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-03-04 23:19 --------- d-----w C:\Program Files\pspvideo9
2008-03-04 22:40 --------- d-----w C:\Program Files\VideoraiPodConverter
2008-03-04 22:39 --------- d-----w C:\Program Files\BitComet
2008-03-04 10:11 --------- d-----w C:\Program Files\Chaos Shredder2.3FR
2008-02-23 19:01 --------- d-----w C:\Program Files\Bitmanagement Software
2008-02-15 21:46 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-01-26 00:00 128 --sha-w C:\Program Files\desktop.ini
2008-01-19 01:07 22,328 ----a-w C:\Documents and Settings\Nimrod\Application Data\PnkBstrK.sys
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.zip
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.tde
2006-05-28 14:05 221,099 --sha-r C:\Program Files\serial.tde
2007-07-14 00:43 37,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-14 00:43 9,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-16 21:39 2449455]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 20:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN"="C:\WINDOWS\system32\WLan.exe" [2005-11-25 08:52 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\regmech.exe" [2007-08-20 12:58 2483496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-25 01:58 185896]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"devenv"="C:\WINDOWS\system\smvss.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R1 kioport;kioport Library Driver;C:\WINDOWS\system32\drivers\kioport.sys [2005-04-29 14:02]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-04-14 19:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;C:\Program Files\BVRP Connection Manager\BVRPNDIS.SYS [2004-06-02 17:56]
R2 Nomad;Connection Manager;"C:\Program Files\BVRP Connection Manager\NomadSvr.exe" [2005-12-15 12:58]
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-09-30 11:37]
R3 kbd;Keyboard;C:\WINDOWS\system32\DRIVERS\kbd.sys [2005-09-30 11:36]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 14:48]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-09-28 00:17]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 16:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 16:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 16:05]
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-21 17:30:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-04-21 17:30:02 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 04:12:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\Documents and Settings\Nimrod\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1090 bytes hidden from API
Scan termin‚ avec succŠs
Les fichiers cach‚s: 870
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\system32\windows"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 4:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 02:23:33
Pre-Run: 12,814,225,408 octets libres
Post-Run: 13,224,013,824 octets libres
.
2008-04-16 00:17:50 --- E O F ---
ComboFix 08-04-17.1 - Nimrod 2008-04-22 4:04:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.666 [GMT 2:00]
Endroit: C:\Documents and Settings\Nimrod\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\OnlineHelpmate
C:\Documents and Settings\All Users\Application Data\OnlineHelpmate\Abbr
C:\Documents and Settings\All Users\Application Data\OnlineHelpmate\ProdCode
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\Nimrod\Application Data\storageprotector
C:\Documents and Settings\Nimrod\Application Data\storageprotector\Logs\update.log
C:\Documents and Settings\Nimrod\Application Data\urlredir.cfg
C:\Program Files\Dcads Advanced Toolbar
C:\Program Files\Fichiers communs\OnlineHelpmate
C:\Program Files\Fichiers communs\OnlineHelpmate\mc.exe
C:\Program Files\Fichiers communs\StorageProtector
C:\Program Files\OnlineHelpmate
C:\Program Files\OnlineHelpmate\secure_del.dll
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\Website.url
C:\Program Files\WinAble
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1334000.exe
C:\WINDOWS\system32\drivers\downld\747484.exe
C:\WINDOWS\system32\drivers\downld\750093.exe
C:\WINDOWS\system32\drivers\downld\767062.exe
C:\WINDOWS\system32\drivers\downld\773796.exe
C:\WINDOWS\system32\drivers\downld\774640.exe
C:\WINDOWS\system32\drivers\downld\798812.exe
C:\WINDOWS\system32\drivers\downld\851953.exe
C:\WINDOWS\system32\drivers\downld\867656.exe
C:\WINDOWS\system32\drivers\downld\871437.exe
C:\WINDOWS\system32\drivers\downld\951093.exe
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DOMAINSERVICE
-------\Legacy_ROSA
-------\Legacy_SROSA
-------\Service_DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:47 . 2008-04-18 19:48 <REP> d-------- C:\HijackThis
2008-04-18 19:46 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-04-18 00:59 . 2008-04-18 00:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 00:59 . 2008-04-18 00:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:53 . 2008-04-16 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ipswitch
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-16 14:52 . 2008-04-16 14:54 <REP> d---s---- C:\Documents and Settings\Administrateur\Favoris
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-16 14:50 . 2008-04-18 01:48 437 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-16 14:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 14:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 14:40 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 14:40 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 14:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 14:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 14:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 14:40 . 2008-04-18 03:12 3,604 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:38 . 2008-04-16 14:38 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-16 02:36 . 2008-04-16 03:37 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-16 02:35 . 2008-04-16 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 02:31 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-16 02:31 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-16 02:31 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-16 02:31 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-16 02:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-16 02:31 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-16 02:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-16 02:31 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-16 02:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\Yahoo!
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\ma-config.com
2008-04-14 20:13 . 2008-04-15 23:00 <REP> d-------- C:\Program Files\DVDFab Platinum
2008-04-14 20:11 . 2008-04-14 20:18 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-04-14 20:11 . 2008-04-14 20:12 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2008-04-14 20:11 . 2008-04-14 20:11 <REP> d-------- C:\Program Files\MKVToolnix
2008-04-14 20:10 . 2008-04-14 20:10 <REP> d-------- C:\Program Files\RIAM Video Enhancer
2008-04-14 19:12 . 2008-04-14 20:03 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-04-14 19:12 . 2003-05-22 13:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-04-14 19:12 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-14 19:12 . 2003-05-22 13:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-04-14 19:12 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-14 19:12 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-14 19:12 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-04-14 19:12 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-14 19:12 . 2008-04-14 19:12 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-14 19:12 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-13 19:17 . 2008-04-14 19:09 <REP> d-------- C:\Program Files\Free Video Converter
2008-04-03 01:30 . 2008-04-03 01:30 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\vlc
2008-04-03 01:27 . 2008-04-03 01:27 <REP> d-------- C:\Program Files\VideoLAN
2008-04-02 12:38 . 2008-04-08 22:10 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\MozillaControl
2008-04-02 12:37 . 2008-04-02 12:37 <REP> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-04-02 12:15 . 2008-04-02 12:15 <REP> d-------- C:\Program Files\NuxBox
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 01:59 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Free Download Manager
2008-04-18 13:37 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 12:32 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-17 23:22 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Corel
2008-04-17 02:23 --------- d-----r C:\Program Files\eMule
2008-04-15 23:33 --------- d-----w C:\Program Files\Free Download Manager
2008-04-15 23:16 102,400 ----a-w C:\WINDOWS\DUMP36de.tmp
2008-04-15 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 21:00 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-15 16:52 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\LimeWire
2008-04-14 18:07 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\My Games
2008-03-19 09:34 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\U3
2008-03-18 21:17 --------- d-----w C:\Program Files\MECAFLUX
2008-03-09 14:56 --------- d-----w C:\Program Files\EA GAMES
2008-03-07 22:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-07 20:03 --------- d-----w C:\Program Files\THQ
2008-03-07 20:02 --------- d-----w C:\Program Files\Nvu
2008-03-07 20:02 --------- d-----w C:\Program Files\Navman
2008-03-07 20:02 --------- d-----w C:\Program Files\Anno 1701
2008-03-07 20:02 --------- d-----w C:\Program Files\AIM6
2008-03-07 20:02 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\acccore
2008-03-07 20:01 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-03-04 23:19 --------- d-----w C:\Program Files\pspvideo9
2008-03-04 22:40 --------- d-----w C:\Program Files\VideoraiPodConverter
2008-03-04 22:39 --------- d-----w C:\Program Files\BitComet
2008-03-04 10:11 --------- d-----w C:\Program Files\Chaos Shredder2.3FR
2008-02-23 19:01 --------- d-----w C:\Program Files\Bitmanagement Software
2008-02-15 21:46 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-01-26 00:00 128 --sha-w C:\Program Files\desktop.ini
2008-01-19 01:07 22,328 ----a-w C:\Documents and Settings\Nimrod\Application Data\PnkBstrK.sys
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.zip
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.tde
2006-05-28 14:05 221,099 --sha-r C:\Program Files\serial.tde
2007-07-14 00:43 37,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-14 00:43 9,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-16 21:39 2449455]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 20:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN"="C:\WINDOWS\system32\WLan.exe" [2005-11-25 08:52 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\regmech.exe" [2007-08-20 12:58 2483496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-25 01:58 185896]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"devenv"="C:\WINDOWS\system\smvss.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R1 kioport;kioport Library Driver;C:\WINDOWS\system32\drivers\kioport.sys [2005-04-29 14:02]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-04-14 19:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;C:\Program Files\BVRP Connection Manager\BVRPNDIS.SYS [2004-06-02 17:56]
R2 Nomad;Connection Manager;"C:\Program Files\BVRP Connection Manager\NomadSvr.exe" [2005-12-15 12:58]
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-09-30 11:37]
R3 kbd;Keyboard;C:\WINDOWS\system32\DRIVERS\kbd.sys [2005-09-30 11:36]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 14:48]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-09-28 00:17]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 16:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 16:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 16:05]
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-21 17:30:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-04-21 17:30:02 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 04:12:57
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\Documents and Settings\Nimrod\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1090 bytes hidden from API
Scan termin‚ avec succŠs
Les fichiers cach‚s: 870
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\system32\windows"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 4:23:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 02:23:33
Pre-Run: 12,814,225,408 octets libres
Post-Run: 13,224,013,824 octets libres
.
2008-04-16 00:17:50 --- E O F ---
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
22 avril 2008 à 17:13
22 avril 2008 à 17:13
et voila le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:36, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BVRP Connection Manager\NomadSvr.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\BVRP Connection Manager\Nomad.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\regmech.exe" /H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SynTPEnh.exe.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:36, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BVRP Connection Manager\NomadSvr.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\BVRP Connection Manager\Nomad.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\regmech.exe" /H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SynTPEnh.exe.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
22 avril 2008 à 17:14
22 avril 2008 à 17:14
que doit je faire maintenant svp ?
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
23 avril 2008 à 08:17
23 avril 2008 à 08:17
Bonjour
Tu peux relancer ComboFix -- stp
Merci
Tu peux relancer ComboFix -- stp
Merci
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
26 avril 2008 à 01:26
26 avril 2008 à 01:26
voila j'ai relancé une deuxieme fois voici le log
ComboFix 08-04-17.1 - Nimrod 2008-04-24 3:40:32.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.549 [GMT 2:00]
Endroit: C:\Documents and Settings\Nimrod\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:47 . 2008-04-18 19:48 <REP> d-------- C:\HijackThis
2008-04-18 19:46 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-04-18 00:59 . 2008-04-23 18:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 00:59 . 2008-04-18 00:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:53 . 2008-04-16 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ipswitch
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-16 14:52 . 2008-04-16 14:54 <REP> d---s---- C:\Documents and Settings\Administrateur\Favoris
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-16 14:50 . 2008-04-18 01:48 437 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-16 14:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 14:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 14:40 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 14:40 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 14:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 14:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 14:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 14:40 . 2008-04-18 03:12 3,604 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:38 . 2008-04-16 14:38 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-16 02:36 . 2008-04-16 03:37 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-16 02:35 . 2008-04-16 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 02:31 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-16 02:31 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-16 02:31 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-16 02:31 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-16 02:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-16 02:31 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-16 02:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-16 02:31 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-16 02:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\Yahoo!
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\ma-config.com
2008-04-14 20:13 . 2008-04-15 23:00 <REP> d-------- C:\Program Files\DVDFab Platinum
2008-04-14 20:11 . 2008-04-14 20:18 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-04-14 20:11 . 2008-04-14 20:12 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2008-04-14 20:11 . 2008-04-14 20:11 <REP> d-------- C:\Program Files\MKVToolnix
2008-04-14 20:10 . 2008-04-14 20:10 <REP> d-------- C:\Program Files\RIAM Video Enhancer
2008-04-14 19:12 . 2008-04-14 20:03 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-04-14 19:12 . 2003-05-22 13:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-04-14 19:12 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-14 19:12 . 2003-05-22 13:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-04-14 19:12 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-14 19:12 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-14 19:12 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-04-14 19:12 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-14 19:12 . 2008-04-14 19:12 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-14 19:12 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-13 19:17 . 2008-04-14 19:09 <REP> d-------- C:\Program Files\Free Video Converter
2008-04-03 01:30 . 2008-04-03 01:30 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\vlc
2008-04-03 01:27 . 2008-04-03 01:27 <REP> d-------- C:\Program Files\VideoLAN
2008-04-02 12:38 . 2008-04-08 22:10 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\MozillaControl
2008-04-02 12:37 . 2008-04-02 12:37 <REP> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-04-02 12:15 . 2008-04-02 12:15 <REP> d-------- C:\Program Files\NuxBox
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 01:46 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Free Download Manager
2008-04-23 14:00 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 14:00 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Corel
2008-04-23 10:54 --------- d-----r C:\Program Files\eMule
2008-04-18 13:37 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 12:32 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-15 23:33 --------- d-----w C:\Program Files\Free Download Manager
2008-04-15 23:16 102,400 ----a-w C:\WINDOWS\DUMP36de.tmp
2008-04-15 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 21:00 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-15 16:52 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\LimeWire
2008-04-14 18:07 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\My Games
2008-03-19 09:34 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\U3
2008-03-18 21:17 --------- d-----w C:\Program Files\MECAFLUX
2008-03-09 14:56 --------- d-----w C:\Program Files\EA GAMES
2008-03-07 22:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-07 20:03 --------- d-----w C:\Program Files\THQ
2008-03-07 20:02 --------- d-----w C:\Program Files\Nvu
2008-03-07 20:02 --------- d-----w C:\Program Files\Navman
2008-03-07 20:02 --------- d-----w C:\Program Files\Anno 1701
2008-03-07 20:02 --------- d-----w C:\Program Files\AIM6
2008-03-07 20:02 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\acccore
2008-03-07 20:01 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-03-04 23:19 --------- d-----w C:\Program Files\pspvideo9
2008-03-04 22:40 --------- d-----w C:\Program Files\VideoraiPodConverter
2008-03-04 22:39 --------- d-----w C:\Program Files\BitComet
2008-03-04 10:11 --------- d-----w C:\Program Files\Chaos Shredder2.3FR
2008-02-15 21:46 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-02-01 07:40 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
2008-02-01 07:40 110,592 ----a-w C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-01-26 00:00 128 --sha-w C:\Program Files\desktop.ini
2008-01-19 01:07 22,328 ----a-w C:\Documents and Settings\Nimrod\Application Data\PnkBstrK.sys
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.zip
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.tde
2006-05-28 14:05 221,099 --sha-r C:\Program Files\serial.tde
2007-07-14 00:43 37,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-14 00:43 9,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_ 4.22.40.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 02:11:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 13:23:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-16 21:39 2449455]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 20:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN"="C:\WINDOWS\system32\WLan.exe" [2005-11-25 08:52 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\regmech.exe" [2007-08-20 12:58 2483496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-25 01:58 185896]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"devenv"="C:\WINDOWS\system\smvss.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
C:\Documents and Settings\Nimrod\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
SynTPEnh.exe.lnk - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-03-10 18:43:30 688218]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R1 kioport;kioport Library Driver;C:\WINDOWS\system32\drivers\kioport.sys [2005-04-29 14:02]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-04-14 19:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;C:\Program Files\BVRP Connection Manager\BVRPNDIS.SYS [2004-06-02 17:56]
R2 Nomad;Connection Manager;"C:\Program Files\BVRP Connection Manager\NomadSvr.exe" [2005-12-15 12:58]
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-09-30 11:37]
R3 kbd;Keyboard;C:\WINDOWS\system32\DRIVERS\kbd.sys [2005-09-30 11:36]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 14:48]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-09-28 00:17]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 16:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 16:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 16:05]
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 17:30:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-04-23 17:30:02 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 03:45:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\system32\windows"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-04-24 3:48:34
ComboFix-quarantined-files.txt 2008-04-24 01:48:20
ComboFix2.txt 2008-04-22 02:23:43
Pre-Run: 9,988,296,704 octets libres
Post-Run: 9,975,164,928 octets libres
.
2008-04-16 00:17:50 --- E O F ---
ComboFix 08-04-17.1 - Nimrod 2008-04-24 3:40:32.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.549 [GMT 2:00]
Endroit: C:\Documents and Settings\Nimrod\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.
2008-04-18 19:47 . 2008-04-18 19:48 <REP> d-------- C:\HijackThis
2008-04-18 19:46 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-04-18 00:59 . 2008-04-23 18:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 00:59 . 2008-04-18 00:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 14:53 . 2008-04-16 14:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ipswitch
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-16 14:52 . 2008-04-16 14:54 <REP> d---s---- C:\Documents and Settings\Administrateur\Favoris
2008-04-16 14:52 . 2008-04-16 14:52 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-16 14:50 . 2008-04-18 01:48 437 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-16 14:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 14:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 14:40 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 14:40 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 14:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 14:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 14:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 14:40 . 2008-04-18 03:12 3,604 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 14:38 . 2008-04-16 14:38 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-16 02:36 . 2008-04-16 03:37 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-16 02:35 . 2008-04-16 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 02:31 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-16 02:31 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-16 02:31 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-16 02:31 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-16 02:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-16 02:31 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-16 02:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-16 02:31 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-16 02:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\Yahoo!
2008-04-16 00:22 . 2008-04-16 00:22 <REP> d-------- C:\Program Files\CCleaner
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Program Files\ma-config.com
2008-04-15 23:23 . 2008-04-15 23:23 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\ma-config.com
2008-04-14 20:13 . 2008-04-15 23:00 <REP> d-------- C:\Program Files\DVDFab Platinum
2008-04-14 20:11 . 2008-04-14 20:18 <REP> d-------- C:\Program Files\Ripp-it_AM
2008-04-14 20:11 . 2008-04-14 20:12 <REP> d-------- C:\Program Files\Ripp-It Codec Pack
2008-04-14 20:11 . 2008-04-14 20:11 <REP> d-------- C:\Program Files\MKVToolnix
2008-04-14 20:10 . 2008-04-14 20:10 <REP> d-------- C:\Program Files\RIAM Video Enhancer
2008-04-14 19:12 . 2008-04-14 20:03 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-04-14 19:12 . 2003-05-22 13:26 638,976 --a------ C:\WINDOWS\system32\divx.dll
2008-04-14 19:12 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-14 19:12 . 2003-05-22 13:26 221,215 --a------ C:\WINDOWS\system32\divxdec.ax
2008-04-14 19:12 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-14 19:12 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-14 19:12 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-04-14 19:12 . 2003-05-22 00:50 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-14 19:12 . 2008-04-14 19:12 33,920 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-14 19:12 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-13 19:17 . 2008-04-14 19:09 <REP> d-------- C:\Program Files\Free Video Converter
2008-04-03 01:30 . 2008-04-03 01:30 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\vlc
2008-04-03 01:27 . 2008-04-03 01:27 <REP> d-------- C:\Program Files\VideoLAN
2008-04-02 12:38 . 2008-04-08 22:10 <REP> d-------- C:\Documents and Settings\Nimrod\Application Data\MozillaControl
2008-04-02 12:37 . 2008-04-02 12:37 <REP> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-04-02 12:15 . 2008-04-02 12:15 <REP> d-------- C:\Program Files\NuxBox
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 01:46 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Free Download Manager
2008-04-23 14:00 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 14:00 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\Corel
2008-04-23 10:54 --------- d-----r C:\Program Files\eMule
2008-04-18 13:37 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 12:32 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-15 23:33 --------- d-----w C:\Program Files\Free Download Manager
2008-04-15 23:16 102,400 ----a-w C:\WINDOWS\DUMP36de.tmp
2008-04-15 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 21:00 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-15 16:52 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\LimeWire
2008-04-14 18:07 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\My Games
2008-03-19 09:34 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\U3
2008-03-18 21:17 --------- d-----w C:\Program Files\MECAFLUX
2008-03-09 14:56 --------- d-----w C:\Program Files\EA GAMES
2008-03-07 22:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-07 20:03 --------- d-----w C:\Program Files\THQ
2008-03-07 20:02 --------- d-----w C:\Program Files\Nvu
2008-03-07 20:02 --------- d-----w C:\Program Files\Navman
2008-03-07 20:02 --------- d-----w C:\Program Files\Anno 1701
2008-03-07 20:02 --------- d-----w C:\Program Files\AIM6
2008-03-07 20:02 --------- d-----w C:\Documents and Settings\Nimrod\Application Data\acccore
2008-03-07 20:01 --------- d-----w C:\Program Files\Dynamic Toolbar
2008-03-04 23:19 --------- d-----w C:\Program Files\pspvideo9
2008-03-04 22:40 --------- d-----w C:\Program Files\VideoraiPodConverter
2008-03-04 22:39 --------- d-----w C:\Program Files\BitComet
2008-03-04 10:11 --------- d-----w C:\Program Files\Chaos Shredder2.3FR
2008-02-15 21:46 65,024 ----a-w C:\WINDOWS\IFinst26.exe
2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-02-01 07:40 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
2008-02-01 07:40 110,592 ----a-w C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-01-26 00:00 128 --sha-w C:\Program Files\desktop.ini
2008-01-19 01:07 22,328 ----a-w C:\Documents and Settings\Nimrod\Application Data\PnkBstrK.sys
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.zip
2006-05-28 14:45 115,459 --sha-r C:\Program Files\andame.tde
2006-05-28 14:05 221,099 --sha-r C:\Program Files\serial.tde
2007-07-14 00:43 37,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-14 00:43 9,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_ 4.22.40.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 02:11:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 13:23:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-12-16 21:39 2449455]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 20:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN"="C:\WINDOWS\system32\WLan.exe" [2005-11-25 08:52 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\regmech.exe" [2007-08-20 12:58 2483496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-25 01:58 185896]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 02:56 606208]
"devenv"="C:\WINDOWS\system\smvss.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Connection Manager"="C:\Program Files\BVRP Connection Manager\Nomad.exe" [2006-02-16 16:01 86016]
C:\Documents and Settings\Nimrod\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
SynTPEnh.exe.lnk - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-03-10 18:43:30 688218]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R1 kioport;kioport Library Driver;C:\WINDOWS\system32\drivers\kioport.sys [2005-04-29 14:02]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-04-14 19:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;C:\Program Files\BVRP Connection Manager\BVRPNDIS.SYS [2004-06-02 17:56]
R2 Nomad;Connection Manager;"C:\Program Files\BVRP Connection Manager\NomadSvr.exe" [2005-12-15 12:58]
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys [2005-09-30 11:37]
R3 kbd;Keyboard;C:\WINDOWS\system32\DRIVERS\kbd.sys [2005-09-30 11:36]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 14:48]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2007-09-28 00:17]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2004-09-17 16:04]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2004-09-17 16:05]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2004-09-17 16:05]
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-23 17:30:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-04-23 17:30:02 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 03:45:49
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSControlService]
"ImagePath"="C:\WINDOWS\system32\windows"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
Temps d'accomplissement: 2008-04-24 3:48:34
ComboFix-quarantined-files.txt 2008-04-24 01:48:20
ComboFix2.txt 2008-04-22 02:23:43
Pre-Run: 9,988,296,704 octets libres
Post-Run: 9,975,164,928 octets libres
.
2008-04-16 00:17:50 --- E O F ---
^^Marie^^
Messages postés
113901
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 275
26 avril 2008 à 12:42
26 avril 2008 à 12:42
Salut
Refais un log hijackthis
Je repasse dès que je peux
A++
Refais un log hijackthis
Je repasse dès que je peux
A++
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
29 avril 2008 à 02:26
29 avril 2008 à 02:26
Marie j'ai posté le log
Utilisateur anonyme
26 avril 2008 à 12:55
26 avril 2008 à 12:55
Bonjour TLM,
Juste en passant :
Si tu as utilisé un crack alors il faut que tu supprimes les programmes crackés que tu as car sinon vous risquez de tourner en rond....
Je m'explique : à chaque fois que tu lances le programme cracké en question l'infection revient. Alors si ce programme se lance automatiquement au démarrage windows, à chaque fois que tu relances ton PC la crasse réapparait.
PS : Relance le moins possible ton PC (chaque reboot => favorise l'infection)
Merci,
Bizz Marie.
;)
Juste en passant :
Si tu as utilisé un crack alors il faut que tu supprimes les programmes crackés que tu as car sinon vous risquez de tourner en rond....
Je m'explique : à chaque fois que tu lances le programme cracké en question l'infection revient. Alors si ce programme se lance automatiquement au démarrage windows, à chaque fois que tu relances ton PC la crasse réapparait.
PS : Relance le moins possible ton PC (chaque reboot => favorise l'infection)
Merci,
Bizz Marie.
;)
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
27 avril 2008 à 02:09
27 avril 2008 à 02:09
merci je sais pas si un fichier a ete craké
par contre depuis que marie m'aide le pc va mieux il reste plus qu'une fenetre erreur de l'explorer.exe qui s'affiche je clic ne pas envoyé puis il se reinitialise directement puis une autre truc qui trouve pas au demarage
par contre depuis que marie m'aide le pc va mieux il reste plus qu'une fenetre erreur de l'explorer.exe qui s'affiche je clic ne pas envoyé puis il se reinitialise directement puis une autre truc qui trouve pas au demarage
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
27 avril 2008 à 02:11
27 avril 2008 à 02:11
voila le log hijackthis, merci pour tout
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:10:16, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BVRP Connection Manager\NomadSvr.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\BVRP Connection Manager\Nomad.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\regmech.exe" /H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SynTPEnh.exe.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:10:16, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BVRP Connection Manager\NomadSvr.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\BVRP Connection Manager\Nomad.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\regmech.exe" /H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Connection Manager] "C:\Program Files\BVRP Connection Manager\Nomad.exe" /runstart (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: SynTPEnh.exe.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Connection Manager (Nomad) - Unknown owner - C:\Program Files\BVRP Connection Manager\NomadSvr.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
27 avril 2008 à 19:41
27 avril 2008 à 19:41
que dois je faire maintenant?
jean_louis_57
Messages postés
1353
Date d'inscription
dimanche 13 avril 2008
Statut
Membre
Dernière intervention
12 février 2020
81
29 avril 2008 à 06:13
29 avril 2008 à 06:13
bonjour
si tu la pas viré ton virus
essaie la méthode classic
un anti virus la scanne direct en ligne
http://www.commentcamarche.net/faq/sujet 8963 antivirus gratuit sur cle usb
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
http://www.secuser.com/outils/antivirus.htm
https://www.trendmicro.com/en_us/forHome/products/housecall.html
et celui la tu fouille un peu tu en a plusieurs
https://triplinetours.com/
a+ dit moi si tu as réussie
si tu la pas viré ton virus
essaie la méthode classic
un anti virus la scanne direct en ligne
http://www.commentcamarche.net/faq/sujet 8963 antivirus gratuit sur cle usb
http://www.zebulon.fr/outils/antivirus/antivirus-en-ligne.php
http://www.secuser.com/outils/antivirus.htm
https://www.trendmicro.com/en_us/forHome/products/housecall.html
et celui la tu fouille un peu tu en a plusieurs
https://triplinetours.com/
a+ dit moi si tu as réussie
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
30 avril 2008 à 02:10
30 avril 2008 à 02:10
ils ont bien trouvé 2virus mais apparemment ils ne les ont pas enlevés puisque le probleme de l'explorer persiste
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
92
30 avril 2008 à 10:51
30 avril 2008 à 10:51
Bonjour,
il aurait fallu poster le rapport ;o)
* Fais une analyse BitDefender à partir d'IE: https://www.bitdefender.fr/
(bouton "BitDefender scan online" dans la colonne de gauche)
* Poste le rapport stp
il aurait fallu poster le rapport ;o)
* Fais une analyse BitDefender à partir d'IE: https://www.bitdefender.fr/
(bouton "BitDefender scan online" dans la colonne de gauche)
* Poste le rapport stp
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
1 mai 2008 à 15:58
1 mai 2008 à 15:58
BitDefender Online Scanner
Rapport d'analyse généré à: Thu, May 01, 2008 - 03:20:09
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps
00:55:12
Fichiers
311332
Directoires
22001
Secteurs de boot
3
Archives
1425
Paquets programmes
42362
Résultats
Virus identifiés
12
Fichiers infectés
30
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
30
Info sur les moteurs
Définition virus
1187915
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
16
Archive des plugins
42
Unpack des plugins
7
E-mail plugins
6
Système plugins
5
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\Program Files\Ripp-It Codec Pack\codecs\DivXPro505GAINBundle.exe=>(VISE Installer s)=>Gain_Trickler.exe
Détecté avec: Adware.Gator.C
C:\Program Files\Ripp-It Codec Pack\codecs\DivXPro505GAINBundle.exe=>(VISE Installer s)=>Gain_Trickler.exe
Supprimé
C:\Program Files\Ripp-It Codec Pack\codecs\DivXPro505GAINBundle.exe=>(VISE Installer s)
Echec de la mise à jour
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078354.exe
Infecté par: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078354.exe
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078354.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078355.exe
Infecté par: Win32.Bagle.SVI
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078355.exe
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078355.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078356.dll
Infecté par: Backdoor.Bifrose.KT
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078356.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078357.exe
Infecté par: Trojan.Spy.Perfloger.AB
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078357.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078358.dll
Détecté avec: Application.Perflogger.CB
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078358.dll
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078358.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079381.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079381.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079382.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079382.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079394.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079394.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079395.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079395.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079396.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079396.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080393.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080393.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080394.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080394.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081394.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081394.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081395.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081395.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081527.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081527.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081529.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081529.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081540.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081540.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081648.exe
Infecté par: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081648.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081649.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081649.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081650.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081650.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081651.exe
Infecté par: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081651.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081652.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081652.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081653.exe
Infecté par: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081653.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081705.exe
Infecté par: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081705.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081706.exe
Infecté par: Win32.Bagle.SVI
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081706.exe
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081706.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081707.exe
Infecté par: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081707.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081709.exe
Infecté par: Win32.Bagle.SVL@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081709.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081710.exe
Infecté par: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081710.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081719.exe=>(NSIS o)=>lzma_solid_nsis0002
Détecté avec: Adware.Navipromo.BYS
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081719.exe=>(NSIS o)=>lzma_solid_nsis0002
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081719.exe=>(NSIS o)
Echec de la mise à jour
voila le rapport de bitdefendeur
malgrés les fichiers supprimés. j'ai toujours un probleme avec explorer.exe
Rapport d'analyse généré à: Thu, May 01, 2008 - 03:20:09
Voie d'analyse: C:\;D:\;E:\;
Statistiques
Temps
00:55:12
Fichiers
311332
Directoires
22001
Secteurs de boot
3
Archives
1425
Paquets programmes
42362
Résultats
Virus identifiés
12
Fichiers infectés
30
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
30
Info sur les moteurs
Définition virus
1187915
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
16
Archive des plugins
42
Unpack des plugins
7
E-mail plugins
6
Système plugins
5
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
C:\Program Files\Ripp-It Codec Pack\codecs\DivXPro505GAINBundle.exe=>(VISE Installer s)=>Gain_Trickler.exe
Détecté avec: Adware.Gator.C
C:\Program Files\Ripp-It Codec Pack\codecs\DivXPro505GAINBundle.exe=>(VISE Installer s)=>Gain_Trickler.exe
Supprimé
C:\Program Files\Ripp-It Codec Pack\codecs\DivXPro505GAINBundle.exe=>(VISE Installer s)
Echec de la mise à jour
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078354.exe
Infecté par: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078354.exe
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078354.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078355.exe
Infecté par: Win32.Bagle.SVI
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078355.exe
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078355.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078356.dll
Infecté par: Backdoor.Bifrose.KT
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078356.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078357.exe
Infecté par: Trojan.Spy.Perfloger.AB
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078357.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078358.dll
Détecté avec: Application.Perflogger.CB
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078358.dll
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP200\A0078358.dll
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079381.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079381.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079382.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079382.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079394.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079394.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079395.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079395.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079396.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0079396.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080393.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080393.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080394.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP202\A0080394.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081394.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081394.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081395.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP203\A0081395.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081527.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081527.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081529.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081529.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081540.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081540.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081648.exe
Infecté par: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081648.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081649.sys
Infecté par: Rootkit.Bagle.F
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081649.sys
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081650.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081650.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081651.exe
Infecté par: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081651.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081652.exe
Infecté par: Win32.Bagle.SVN
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081652.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081653.exe
Infecté par: Win32.Bagle.SUQ@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP207\A0081653.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081705.exe
Infecté par: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081705.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081706.exe
Infecté par: Win32.Bagle.SVI
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081706.exe
Echec de la désinfection
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081706.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081707.exe
Infecté par: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081707.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081709.exe
Infecté par: Win32.Bagle.SVL@mm
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081709.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081710.exe
Infecté par: MemScan:Trojan.Delf.PBM
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081710.exe
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081719.exe=>(NSIS o)=>lzma_solid_nsis0002
Détecté avec: Adware.Navipromo.BYS
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081719.exe=>(NSIS o)=>lzma_solid_nsis0002
Supprimé
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP211\A0081719.exe=>(NSIS o)
Echec de la mise à jour
voila le rapport de bitdefendeur
malgrés les fichiers supprimés. j'ai toujours un probleme avec explorer.exe
jean_louis_57
Messages postés
1353
Date d'inscription
dimanche 13 avril 2008
Statut
Membre
Dernière intervention
12 février 2020
81
3 mai 2008 à 07:40
3 mai 2008 à 07:40
bonjour tu en est ou la nimrode ???
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
3 mai 2008 à 14:29
3 mai 2008 à 14:29
toujours un probleme explorer.exe
quand je navigue puis ferme j'ai un message d'erreur
quand je navigue puis ferme j'ai un message d'erreur
jean_louis_57
Messages postés
1353
Date d'inscription
dimanche 13 avril 2008
Statut
Membre
Dernière intervention
12 février 2020
81
4 mai 2008 à 10:54
4 mai 2008 à 10:54
bonjour
toi aussi ça traine longueur
tu as des virus désinfecte toi
te sert pas de ces trucs ou tu colle des rapports
aprés
sinon a noel tu est encore la avec le même prob
regarde en 37 tu as la réponse
eie les tous vire tes virus et reviens
aller bon dimanche
toi aussi ça traine longueur
tu as des virus désinfecte toi
te sert pas de ces trucs ou tu colle des rapports
aprés
sinon a noel tu est encore la avec le même prob
regarde en 37 tu as la réponse
eie les tous vire tes virus et reviens
aller bon dimanche
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
4 mai 2008 à 19:41
4 mai 2008 à 19:41
le probleme c'est que j'ai tout essayé et j'ai toujours le même problème avec explorer.exe
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
>
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
5 mai 2008 à 20:46
5 mai 2008 à 20:46
plus personne???
jean_louis_57
Messages postés
1353
Date d'inscription
dimanche 13 avril 2008
Statut
Membre
Dernière intervention
12 février 2020
81
6 mai 2008 à 04:45
6 mai 2008 à 04:45
bonjour
alors je te propose
de fermé ton message la
et de copié coller le message du 16 avril
et de le mettre dans le forum windows
a date ou tu lira se message
tu verra bien
cela devrais relancé ton message e
t trouvé la solution qui c'est ????
a+ bonne chance
alors je te propose
de fermé ton message la
et de copié coller le message du 16 avril
et de le mettre dans le forum windows
a date ou tu lira se message
tu verra bien
cela devrais relancé ton message e
t trouvé la solution qui c'est ????
a+ bonne chance
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
92
6 mai 2008 à 14:13
6 mai 2008 à 14:13
Bonjour,
rends-toi sur ce site: https://www.virustotal.com/gui/
et envois le fichier: C:\WINDOWS\system\smvss.exe
rends-toi sur ce site: https://www.virustotal.com/gui/
et envois le fichier: C:\WINDOWS\system\smvss.exe
nimrode
Messages postés
31
Date d'inscription
mercredi 16 avril 2008
Statut
Membre
Dernière intervention
22 juillet 2008
14 mai 2008 à 04:02
14 mai 2008 à 04:02
re bonjours j'ai eu des soucis internet
voila j'ai envoyé le fichier (fichier inexistant o byte)
voila j'ai envoyé le fichier (fichier inexistant o byte)
jean_louis_57
Messages postés
1353
Date d'inscription
dimanche 13 avril 2008
Statut
Membre
Dernière intervention
12 février 2020
81
9 mai 2008 à 09:53
9 mai 2008 à 09:53
merci pour l'info a toi