45 réponses
Utilisateur anonyme
29 mai 2008 à 22:54
29 mai 2008 à 22:54
Salut ,
On va arrêter là le massacre.
Seb > Tu es encore infecté.
******************************************
→ Télécharge TrendMicro™ HijackThis™
Place le dans ' C:\programmes\ '
PUIS ,,
→ Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:
(choisis enregistrer, puis Bureau comme emplacement)
Ferme toutes les applications en cours.
→ Double-clic sur DSS.exe pour lancer l'outil.
→ Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.
→ A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.
Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
******************************************
Télécharge http://www.suspectfile.com/systemscan/ ( Systemscan )
→ Double clic dessus (ferme ton antivirus le temps du téléchargement s'il te détecte quoi que ce soit et réactive le après)
→ Clique sur Unselect all
Coche uniquement ces cases :
_ Recent Files, 30 days
_ Registry run keys
_ Suspicious files
Puis clique sur scan now, sois patient.
Une fois le scan terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
******************************************
Bonne chance
A++
On va arrêter là le massacre.
Seb > Tu es encore infecté.
******************************************
→ Télécharge TrendMicro™ HijackThis™
Place le dans ' C:\programmes\ '
PUIS ,,
→ Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:
(choisis enregistrer, puis Bureau comme emplacement)
Ferme toutes les applications en cours.
→ Double-clic sur DSS.exe pour lancer l'outil.
→ Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.
→ A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.
Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
******************************************
Télécharge http://www.suspectfile.com/systemscan/ ( Systemscan )
→ Double clic dessus (ferme ton antivirus le temps du téléchargement s'il te détecte quoi que ce soit et réactive le après)
→ Clique sur Unselect all
Coche uniquement ces cases :
_ Recent Files, 30 days
_ Registry run keys
_ Suspicious files
Puis clique sur scan now, sois patient.
Une fois le scan terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
******************************************
Bonne chance
A++
Utilisateur anonyme
28 mai 2008 à 12:18
28 mai 2008 à 12:18
salut seb :
Telecharge malwarebytes
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
Telecharge malwarebytes
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
Utilisateur anonyme
28 mai 2008 à 12:40
28 mai 2008 à 12:40
ok
voici le rapport
il ya des fichier infecte qu'il n'a pas pu supprime apparament
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|)
Eléments examinés: 142357
Temps écoulé: 25 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXPiFxv.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxpifxv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94d4f9f9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Lucie Mothes\Local Settings\Temporary Internet Files\Content.IE5\87134UKN\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP468\A0131286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmona.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifeeBSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnOGVm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPiFxv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBuVMDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnOGAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
il ya des fichier infecte qu'il n'a pas pu supprime apparament
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|)
Eléments examinés: 142357
Temps écoulé: 25 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXPiFxv.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxpifxv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94d4f9f9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Lucie Mothes\Local Settings\Temporary Internet Files\Content.IE5\87134UKN\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP468\A0131286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmona.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifeeBSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnOGVm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPiFxv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBuVMDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnOGAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
VIRUS_KILLER
Messages postés
2032
Date d'inscription
samedi 22 décembre 2007
Statut
Contributeur
Dernière intervention
28 août 2015
68
28 mai 2008 à 12:59
28 mai 2008 à 12:59
Bonjour,pour suivre,,,,,,
Pour ce qui concerne vundo telecharge et installe Vundofix : http://ftpclubic47.clubic.com/...
Ensuite installe le logiciel.
Clique ensuite sur "scan for vundo" et si il trouve des choses tu poura passer a "remove vundo"
Pour ce qui concerne vundo telecharge et installe Vundofix : http://ftpclubic47.clubic.com/...
Ensuite installe le logiciel.
Clique ensuite sur "scan for vundo" et si il trouve des choses tu poura passer a "remove vundo"
sasukedu91
Messages postés
437
Date d'inscription
mercredi 14 mai 2008
Statut
Membre
Dernière intervention
10 décembre 2008
2
28 mai 2008 à 13:15
28 mai 2008 à 13:15
sensei vondo ne trouve pas tout donc apres fait un scan bitdefender sur le guide http://www.malekal.com/tutorial_BitDefender_AntiSpyware.html
VIRUS_KILLER
Messages postés
2032
Date d'inscription
samedi 22 décembre 2007
Statut
Contributeur
Dernière intervention
28 août 2015
68
>
sasukedu91
Messages postés
437
Date d'inscription
mercredi 14 mai 2008
Statut
Membre
Dernière intervention
10 décembre 2008
28 mai 2008 à 13:17
28 mai 2008 à 13:17
Vundo est un outil spécial pour éradiquer les infection de type vundo.
Et rien d'autre!
Et rien d'autre!
sasukedu91
Messages postés
437
Date d'inscription
mercredi 14 mai 2008
Statut
Membre
Dernière intervention
10 décembre 2008
2
>
VIRUS_KILLER
Messages postés
2032
Date d'inscription
samedi 22 décembre 2007
Statut
Contributeur
Dernière intervention
28 août 2015
28 mai 2008 à 13:18
28 mai 2008 à 13:18
ok
mais en se moment il est pas tres en forme on dirai
:-)
mais en se moment il est pas tres en forme on dirai
:-)
VIRUS_KILLER
Messages postés
2032
Date d'inscription
samedi 22 décembre 2007
Statut
Contributeur
Dernière intervention
28 août 2015
68
>
sasukedu91
Messages postés
437
Date d'inscription
mercredi 14 mai 2008
Statut
Membre
Dernière intervention
10 décembre 2008
28 mai 2008 à 13:20
28 mai 2008 à 13:20
de quoi,qu'est ce qui n'est pas en forme?
sasukedu91
Messages postés
437
Date d'inscription
mercredi 14 mai 2008
Statut
Membre
Dernière intervention
10 décembre 2008
2
>
VIRUS_KILLER
Messages postés
2032
Date d'inscription
samedi 22 décembre 2007
Statut
Contributeur
Dernière intervention
28 août 2015
28 mai 2008 à 13:25
28 mai 2008 à 13:25
vundo
j'ai vue dans un forum que cette version est moin efficace que l'ancienne
j'ai vue dans un forum que cette version est moin efficace que l'ancienne
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
28 mai 2008 à 13:16
28 mai 2008 à 13:16
Redémarre le pc si ça n a pas été fais
réouvre malewarebyte
va sur quarantaine
supprime tout
Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip
comment l'utiliser
Tuto
http://mickael.barroux.free.fr/securite/clean.php
(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd
une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
(3) Choisis l'option 1 puis patiente
Poste le rapport obtenu
pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
et copie/colle le sur ta prochaine réponse .
Ne passe pas à l'option 2 sans notre avis !
réouvre malewarebyte
va sur quarantaine
supprime tout
Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip
comment l'utiliser
Tuto
http://mickael.barroux.free.fr/securite/clean.php
(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd
une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
(3) Choisis l'option 1 puis patiente
Poste le rapport obtenu
pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
et copie/colle le sur ta prochaine réponse .
Ne passe pas à l'option 2 sans notre avis !
voila le rapport de la fenetre noir
Merci de lire ce qui suit
--------------------------
Veuillez svp envoyer le fichier C:\upload_moi_ELMON.tar.gz a l'adresse
http://upload.malekal.com
Ce fichier peut contenir des fichiers infectieux collectes sur votre ordinateur
Les fichiers mal detectes seront envoyes aux editeurs d'antivirus
Lorsque vous allez appuyer sur une touche, le site d'envoi de fichiers s'ouvira
Cliquez alors sur le bouton parcourir, selectionner le fichier C:\upload_moi_ELM
ON.tar.gz (Poste de travail / Disque C / upload_moi.Zip
Cliquez sur le bouton "Envoyer le fichier"
Merci!
Appuyez sur une touche pour continuer...
je continue
Merci de lire ce qui suit
--------------------------
Veuillez svp envoyer le fichier C:\upload_moi_ELMON.tar.gz a l'adresse
http://upload.malekal.com
Ce fichier peut contenir des fichiers infectieux collectes sur votre ordinateur
Les fichiers mal detectes seront envoyes aux editeurs d'antivirus
Lorsque vous allez appuyer sur une touche, le site d'envoi de fichiers s'ouvira
Cliquez alors sur le bouton parcourir, selectionner le fichier C:\upload_moi_ELM
ON.tar.gz (Poste de travail / Disque C / upload_moi.Zip
Cliquez sur le bouton "Envoyer le fichier"
Merci!
Appuyez sur une touche pour continuer...
je continue
Utilisateur anonyme
28 mai 2008 à 15:18
28 mai 2008 à 15:18
oui continue
voici le rapport clean
28/05/2008 a 15:03:29,60
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
28/05/2008 a 15:03:29,60
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
Utilisateur anonyme
28 mai 2008 à 15:24
28 mai 2008 à 15:24
réouvre clean
passe l option 2 et envoi le rapport + un rapport hijackthis fais apres passage de clean option 2
passe l option 2 et envoi le rapport + un rapport hijackthis fais apres passage de clean option 2
voici le nouveau rapport clean
malwarebytes recherche je t'envoie le rapport apres
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 28/05/2008 a 15:28:34,67
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
malwarebytes recherche je t'envoie le rapport apres
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 28/05/2008 a 15:28:34,67
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
voila le rapport je n'avait pas compris pardon
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:14, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:14, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Utilisateur anonyme
28 mai 2008 à 16:08
28 mai 2008 à 16:08
y a encore des petites bebetes
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
desole j'ai du m'absenter
voici le rapport combofix
ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 16:24:04.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.625 [GMT 2:00]
Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\QTWMCI32.DLL
.
---- Previous Run -------
.
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
C:\WINDOWS\BM97e7ca65.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AdMWaccf.ini
C:\WINDOWS\system32\AdMWaccf.ini2
C:\WINDOWS\system32\cKTELkkj.ini
C:\WINDOWS\system32\cKTELkkj.ini2
C:\WINDOWS\system32\ddMWFfhk.ini
C:\WINDOWS\system32\ddMWFfhk.ini2
C:\WINDOWS\system32\giqtavhy.ini
C:\WINDOWS\system32\gkvfmbsl.ini
C:\WINDOWS\system32\gPXaaGgh.ini
C:\WINDOWS\system32\gPXaaGgh.ini2
C:\WINDOWS\system32\hmxgdjvf.ini
C:\WINDOWS\system32\jdbmpxsa.ini
C:\WINDOWS\system32\jelajdan.ini
C:\WINDOWS\system32\jincxnjm.ini
C:\WINDOWS\system32\kgdwbmfi.ini
C:\WINDOWS\system32\NWGOonmp.ini
C:\WINDOWS\system32\NWGOonmp.ini2
C:\WINDOWS\system32\RuwDKnpo.ini
C:\WINDOWS\system32\RuwDKnpo.ini2
C:\WINDOWS\system32\syujytyu.ini
C:\WINDOWS\system32\tar.exe
C:\WINDOWS\system32\vsaqehrd.ini
C:\WINDOWS\system32\vuttDJlm.ini
C:\WINDOWS\system32\vuttDJlm.ini2
C:\WINDOWS\system32\wvFhgMoq.ini
C:\WINDOWS\system32\wvFhgMoq.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz
2008-05-28 12:26 . 2008-05-28 12:26 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 11:18 . 2008-05-22 11:18 <REP> d-------- C:\kav
2008-05-21 19:56 . 2008-05-21 19:56 <REP> d-------- C:\VundoFix Backups
2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-08 14:41 . 2008-05-08 15:16 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla
2008-04-28 18:42 . 2008-04-28 18:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:42 . 2008-04-28 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Lavasoft
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 16:41 . 2008-04-28 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent
2008-05-22 08:18 --------- d-----w C:\Program Files\eMule
2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3
2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne
2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems
2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung
2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild
2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung
2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung
2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent
2008-04-14 22:35 --------- d-----w C:\Program Files\Dell
2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-14 22:17 --------- d-----w C:\Program Files\Java
2008-04-14 22:16 --------- d-----w C:\Program Files\Google
2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 18:19 --------- d-----w C:\Program Files\Resco
2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest
2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht
2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG
2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator
2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe
2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat
2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2006-06-06 14:50 88 --sh--r C:\WINDOWS\system32\AD353251F9.sys
2006-06-06 14:50 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
C:\WINDOWS\system32\mlJDttuv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
C:\WINDOWS\system32\qoMghFvw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
C:\WINDOWS\system32\pmnoOGWN.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
C:\WINDOWS\system32\opnKDwuR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
C:\WINDOWS\system32\jkkLETKc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
"C:\\Program Files\\MA Lighting Technologies\\grandMA 3D\\GrandMA 3D.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\launcher-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\server-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\ob2000-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\desktop-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\critical-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\livecache-win32-golden.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 16:25:01
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 16:25:47
ComboFix-quarantined-files.txt 2008-05-28 14:25:33
Pre-Run: 113,792,741,376 octets libres
Post-Run: 113,785,692,160 octets libres
202 --- E O F --- 2008-05-28 09:46:02
voici le rapport combofix
ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 16:24:04.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.625 [GMT 2:00]
Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\QTWMCI32.DLL
.
---- Previous Run -------
.
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
C:\WINDOWS\BM97e7ca65.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AdMWaccf.ini
C:\WINDOWS\system32\AdMWaccf.ini2
C:\WINDOWS\system32\cKTELkkj.ini
C:\WINDOWS\system32\cKTELkkj.ini2
C:\WINDOWS\system32\ddMWFfhk.ini
C:\WINDOWS\system32\ddMWFfhk.ini2
C:\WINDOWS\system32\giqtavhy.ini
C:\WINDOWS\system32\gkvfmbsl.ini
C:\WINDOWS\system32\gPXaaGgh.ini
C:\WINDOWS\system32\gPXaaGgh.ini2
C:\WINDOWS\system32\hmxgdjvf.ini
C:\WINDOWS\system32\jdbmpxsa.ini
C:\WINDOWS\system32\jelajdan.ini
C:\WINDOWS\system32\jincxnjm.ini
C:\WINDOWS\system32\kgdwbmfi.ini
C:\WINDOWS\system32\NWGOonmp.ini
C:\WINDOWS\system32\NWGOonmp.ini2
C:\WINDOWS\system32\RuwDKnpo.ini
C:\WINDOWS\system32\RuwDKnpo.ini2
C:\WINDOWS\system32\syujytyu.ini
C:\WINDOWS\system32\tar.exe
C:\WINDOWS\system32\vsaqehrd.ini
C:\WINDOWS\system32\vuttDJlm.ini
C:\WINDOWS\system32\vuttDJlm.ini2
C:\WINDOWS\system32\wvFhgMoq.ini
C:\WINDOWS\system32\wvFhgMoq.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz
2008-05-28 12:26 . 2008-05-28 12:26 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 11:18 . 2008-05-22 11:18 <REP> d-------- C:\kav
2008-05-21 19:56 . 2008-05-21 19:56 <REP> d-------- C:\VundoFix Backups
2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-08 14:41 . 2008-05-08 15:16 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla
2008-04-28 18:42 . 2008-04-28 18:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:42 . 2008-04-28 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Lavasoft
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 16:41 . 2008-04-28 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent
2008-05-22 08:18 --------- d-----w C:\Program Files\eMule
2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3
2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne
2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems
2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung
2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild
2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung
2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung
2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent
2008-04-14 22:35 --------- d-----w C:\Program Files\Dell
2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-14 22:17 --------- d-----w C:\Program Files\Java
2008-04-14 22:16 --------- d-----w C:\Program Files\Google
2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 18:19 --------- d-----w C:\Program Files\Resco
2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest
2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht
2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG
2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator
2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe
2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat
2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2006-06-06 14:50 88 --sh--r C:\WINDOWS\system32\AD353251F9.sys
2006-06-06 14:50 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
C:\WINDOWS\system32\mlJDttuv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
C:\WINDOWS\system32\qoMghFvw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
C:\WINDOWS\system32\pmnoOGWN.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
C:\WINDOWS\system32\opnKDwuR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
C:\WINDOWS\system32\jkkLETKc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
"C:\\Program Files\\MA Lighting Technologies\\grandMA 3D\\GrandMA 3D.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\launcher-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\server-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\ob2000-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\desktop-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\critical-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\livecache-win32-golden.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 16:25:01
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 16:25:47
ComboFix-quarantined-files.txt 2008-05-28 14:25:33
Pre-Run: 113,792,741,376 octets libres
Post-Run: 113,785,692,160 octets libres
202 --- E O F --- 2008-05-28 09:46:02
Utilisateur anonyme
28 mai 2008 à 18:10
28 mai 2008 à 18:10
ok
refais un scan hijackthis et poste le rapport stp
ensuite je regarde tout ça et je te dis la suite
refais un scan hijackthis et poste le rapport stp
ensuite je regarde tout ça et je te dis la suite
voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:25, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:25, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Utilisateur anonyme
28 mai 2008 à 18:27
28 mai 2008 à 18:27
Copie le texte ci-dessous :
File::
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
C:\WINDOWS\system32\AdMWaccf.ini2
C:\WINDOWS\system32\cKTELkkj.ini2
C:\WINDOWS\system32\gPXaaGgh.ini2
C:\WINDOWS\system32\NWGOonmp.ini2
C:\WINDOWS\system32\RuwDKnpo.ini2
C:\WINDOWS\system32\vuttDJlm.ini2
C:\WINDOWS\system32\wvFhgMoq.ini2
C:\WINDOWS\system32\ddMWFfhk.ini2
C:\WINDOWS\system32\AD353251F9.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\asxpmbdj.dll
C:\WINDOWS\system32\mlJDttuv.dll
C:\WINDOWS\system32\qoMghFvw.dll
C:\WINDOWS\system32\pmnoOGWN.dll
C:\WINDOWS\system32\opnKDwuR.dll
C:\WINDOWS\system32\jkkLETKc.dll
Folder::
C:\WINDOWS\system32\kr_done1de
Registry::
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
[HEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
File::
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
C:\WINDOWS\system32\AdMWaccf.ini2
C:\WINDOWS\system32\cKTELkkj.ini2
C:\WINDOWS\system32\gPXaaGgh.ini2
C:\WINDOWS\system32\NWGOonmp.ini2
C:\WINDOWS\system32\RuwDKnpo.ini2
C:\WINDOWS\system32\vuttDJlm.ini2
C:\WINDOWS\system32\wvFhgMoq.ini2
C:\WINDOWS\system32\ddMWFfhk.ini2
C:\WINDOWS\system32\AD353251F9.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\asxpmbdj.dll
C:\WINDOWS\system32\mlJDttuv.dll
C:\WINDOWS\system32\qoMghFvw.dll
C:\WINDOWS\system32\pmnoOGWN.dll
C:\WINDOWS\system32\opnKDwuR.dll
C:\WINDOWS\system32\jkkLETKc.dll
Folder::
C:\WINDOWS\system32\kr_done1de
Registry::
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
[HEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
pas de redemarage
ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 18:37:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe
Command switches used :: C:\CFScript.txt..txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
C:\WINDOWS\system32\AD353251F9.sys
C:\WINDOWS\system32\AdMWaccf.ini2
C:\WINDOWS\system32\asxpmbdj.dll
C:\WINDOWS\system32\cKTELkkj.ini2
C:\WINDOWS\system32\ddMWFfhk.ini2
C:\WINDOWS\system32\gPXaaGgh.ini2
C:\WINDOWS\system32\jkkLETKc.dll
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\mlJDttuv.dll
C:\WINDOWS\system32\NWGOonmp.ini2
C:\WINDOWS\system32\opnKDwuR.dll
C:\WINDOWS\system32\pmnoOGWN.dll
C:\WINDOWS\system32\qoMghFvw.dll
C:\WINDOWS\system32\RuwDKnpo.ini2
C:\WINDOWS\system32\vuttDJlm.ini2
C:\WINDOWS\system32\wvFhgMoq.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AD353251F9.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\kr_done1de\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz
2008-05-28 12:26 . 2008-05-28 12:26 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 11:18 . 2008-05-22 11:18 <REP> d-------- C:\kav
2008-05-21 19:56 . 2008-05-21 19:56 <REP> d-------- C:\VundoFix Backups
2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-08 14:41 . 2008-05-08 15:16 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla
2008-04-28 18:42 . 2008-04-28 18:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:42 . 2008-04-28 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Lavasoft
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 16:41 . 2008-04-28 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent
2008-05-22 08:18 --------- d-----w C:\Program Files\eMule
2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3
2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne
2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems
2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung
2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild
2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung
2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung
2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent
2008-04-14 22:35 --------- d-----w C:\Program Files\Dell
2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-14 22:17 --------- d-----w C:\Program Files\Java
2008-04-14 22:16 --------- d-----w C:\Program Files\Google
2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 18:19 --------- d-----w C:\Program Files\Resco
2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest
2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht
2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG
2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator
2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe
2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat
2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
C:\WINDOWS\system32\mlJDttuv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
C:\WINDOWS\system32\qoMghFvw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
C:\WINDOWS\system32\pmnoOGWN.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
C:\WINDOWS\system32\opnKDwuR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
C:\WINDOWS\system32\jkkLETKc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
"C:\\Program Files\\MA Lighting Technologies\\grandMA 3D\\GrandMA 3D.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\launcher-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\server-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\ob2000-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\desktop-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\critical-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\livecache-win32-golden.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:38:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 18:39:19
ComboFix-quarantined-files.txt 2008-05-28 16:39:07
ComboFix2.txt 2008-05-28 14:25:48
Pre-Run: 113,749,393,408 octets libres
Post-Run: 113,741,541,376 octets libres
195 --- E O F --- 2008-05-28 09:46:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:06, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 18:37:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe
Command switches used :: C:\CFScript.txt..txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
C:\WINDOWS\system32\AD353251F9.sys
C:\WINDOWS\system32\AdMWaccf.ini2
C:\WINDOWS\system32\asxpmbdj.dll
C:\WINDOWS\system32\cKTELkkj.ini2
C:\WINDOWS\system32\ddMWFfhk.ini2
C:\WINDOWS\system32\gPXaaGgh.ini2
C:\WINDOWS\system32\jkkLETKc.dll
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\mlJDttuv.dll
C:\WINDOWS\system32\NWGOonmp.ini2
C:\WINDOWS\system32\opnKDwuR.dll
C:\WINDOWS\system32\pmnoOGWN.dll
C:\WINDOWS\system32\qoMghFvw.dll
C:\WINDOWS\system32\RuwDKnpo.ini2
C:\WINDOWS\system32\vuttDJlm.ini2
C:\WINDOWS\system32\wvFhgMoq.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AD353251F9.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\kr_done1de\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.
2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz
2008-05-28 12:26 . 2008-05-28 12:26 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-22 11:18 . 2008-05-22 11:18 <REP> d-------- C:\kav
2008-05-21 19:56 . 2008-05-21 19:56 <REP> d-------- C:\VundoFix Backups
2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-08 14:41 . 2008-05-08 15:16 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla
2008-04-28 18:42 . 2008-04-28 18:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 18:42 . 2008-04-28 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Lavasoft
2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 16:41 . 2008-04-28 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent
2008-05-22 08:18 --------- d-----w C:\Program Files\eMule
2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3
2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne
2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems
2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems
2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung
2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild
2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung
2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung
2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent
2008-04-14 22:35 --------- d-----w C:\Program Files\Dell
2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-14 22:17 --------- d-----w C:\Program Files\Java
2008-04-14 22:16 --------- d-----w C:\Program Files\Google
2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-09 18:19 --------- d-----w C:\Program Files\Resco
2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest
2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht
2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG
2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator
2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe
2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat
2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
C:\WINDOWS\system32\mlJDttuv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
C:\WINDOWS\system32\qoMghFvw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
C:\WINDOWS\system32\pmnoOGWN.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
C:\WINDOWS\system32\opnKDwuR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
C:\WINDOWS\system32\jkkLETKc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
"C:\\Program Files\\MA Lighting Technologies\\grandMA 3D\\GrandMA 3D.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\launcher-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\server-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\ob2000-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\desktop-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\critical-win32-golden.exe"=
"C:\\Program Files\\Flying Pig Systems\\Hog3PC\\livecache-win32-golden.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:38:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 18:39:19
ComboFix-quarantined-files.txt 2008-05-28 16:39:07
ComboFix2.txt 2008-05-28 14:25:48
Pre-Run: 113,749,393,408 octets libres
Post-Run: 113,741,541,376 octets libres
195 --- E O F --- 2008-05-28 09:46:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:06, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Utilisateur anonyme
28 mai 2008 à 19:00
28 mai 2008 à 19:00
ok il reste un truc a verifé .....
mais avant un peux de ménage s impose :
réouvre hijackthis
fais scan only
coche toutes ces lignes :
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
tu les coches et tu clic sur fix checked
ensuite désinstal java car pas a jours et telecharge et instal cette version :
https://www.java.com/fr/download/manual.jsp
ensuite :
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
Pour désinstaller Avast telecharge cet outil
https://www.avast.com/fr-fr/uninstall-utility
telecharge Ccleaner :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
instal le sans la barre yahoo
fais lancer le nettoyage
repete l opération jusqu a ce qu il trouve rien
ensuite fais registre
fais chercher les erreures
ensuite fais corriger les erreures
repete l opération jusqu a ce qu il trouve rien
et pour finir :
Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\system32\asxpmbdj.dll
Clik send et colle le rapport sur le forum stp
mais avant un peux de ménage s impose :
réouvre hijackthis
fais scan only
coche toutes ces lignes :
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
tu les coches et tu clic sur fix checked
ensuite désinstal java car pas a jours et telecharge et instal cette version :
https://www.java.com/fr/download/manual.jsp
ensuite :
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
Pour désinstaller Avast telecharge cet outil
https://www.avast.com/fr-fr/uninstall-utility
telecharge Ccleaner :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
instal le sans la barre yahoo
fais lancer le nettoyage
repete l opération jusqu a ce qu il trouve rien
ensuite fais registre
fais chercher les erreures
ensuite fais corriger les erreures
repete l opération jusqu a ce qu il trouve rien
et pour finir :
Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\system32\asxpmbdj.dll
Clik send et colle le rapport sur le forum stp
j'ai tout fait sauf la fin car je ne trouve pas C:\WINDOWS\system32\asxpmbdj.dll dans parcourir du logiciel fourni par ton lien
Utilisateur anonyme
28 mai 2008 à 20:29
28 mai 2008 à 20:29
parfais
j ai fais ma recherche de mon coté a son sujet
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la ligne qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\asxpmbdj.dll
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
j ai fais ma recherche de mon coté a son sujet
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la ligne qui se trouve ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\asxpmbdj.dll
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
File/Folder C:\WINDOWS\system32\asxpmbdj.dll not found.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_204237
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_204237
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:36, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Scan saved at 20:51:36, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
29 mai 2008 à 23:12
Deckard's System Scanner v20071014.68
Run by Seb Elmon on 2008-05-29 23:06:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
19: 2008-05-29 21:06:15 UTC - RP481 - Deckard's System Scanner Restore Point
18: 2008-05-29 18:40:38 UTC - RP480 - Point de vérification système
17: 2008-05-28 17:57:52 UTC - RP479 - AntiVir PersonalEdition Classic - 28/05/2008 19:57
16: 2008-05-28 17:31:55 UTC - RP478 - Installé OpenOffice.org Installer 1.0
15: 2008-05-28 17:20:48 UTC - RP477 - Installé Java(TM) 6 Update 6
-- First Restore Point --
1: 2008-05-10 13:03:06 UTC - RP463 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Seb Elmon.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:00, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Seb Elmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
29 mai 2008 à 23:20
SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\sys92499.exe
Running in: User mode
Date: 29/05/2008
Time: 23:18:20
Output limited to:
-Recent files
-Registry Run Keys
-Suspicious Files
===================== RECENT FILES =====================
Showing files newer than 30 days
----- recent files in C:\
10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- System Volume Information
15/05/2008 14:06:30 (DIR) 0 byte 14 days old -- i386
22/05/2008 11:18:14 (DIR) 0 byte 7 days old -- kav
23/05/2008 19:26:53 969 byte 6 days old -- VundoFix.txt
28/05/2008 15:03:41 640432 byte 1 days old -- upload_moi_ELMON.tar.gz
28/05/2008 15:30:47 198 byte 1 days old -- resultat_clean.txt
28/05/2008 15:32:50 637 byte 1 days old -- rapport_clean.txt
28/05/2008 18:39:20 13463 byte 1 days old -- ComboFix.txt
28/05/2008 18:54:04 (DIR) 0 byte 1 days old -- RECYCLER
28/05/2008 19:31:57 (DIR) 0 byte 1 days old -- Config.Msi
28/05/2008 21:15:45 3103 byte 1 days old -- TCleaner.txt
29/05/2008 22:04:22 209 byte 0 days old -- boot.ini
29/05/2008 22:24:00 1610612736 byte 0 days old -- pagefile.sys
29/05/2008 22:24:02 (DIR)1071796224 byte 0 days old -- hiberfil.sys
29/05/2008 22:26:18 (DIR) 0 byte 0 days old -- WINDOWS
29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Program Files
29/05/2008 23:06:06 (DIR) 0 byte 0 days old -- Deckard
----- recent files in C:\WINDOWS\
15/05/2008 11:49:17 1208 byte 14 days old -- wininit.ini
19/05/2008 20:24:27 (DIR) 0 byte 10 days old -- $NtUninstallKB950749$
22/05/2008 11:36:24 614 byte 7 days old -- BM97e7ca65.txt
28/05/2008 10:31:38 (DIR) 0 byte 1 days old -- $hf_mig$
28/05/2008 11:45:54 (DIR) 0 byte 1 days old -- $NtUninstallKB932823-v3$
28/05/2008 11:46:01 (DIR) 0 byte 1 days old -- inf
28/05/2008 15:15:20 (DIR) 0 byte 1 days old -- network diagnostic
28/05/2008 19:34:14 (DIR) 0 byte 1 days old -- Installer
28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Debug
28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Minidump
29/05/2008 08:29:06 (DIR) 0 byte 0 days old -- pss
29/05/2008 15:56:21 (DIR) 0 byte 0 days old -- system32
29/05/2008 22:00:35 4776 byte 0 days old -- ModemLog_SoftV90 Data Fax Modem.txt
29/05/2008 22:04:22 227 byte 0 days old -- system.ini
29/05/2008 22:04:22 699 byte 0 days old -- win.ini
29/05/2008 22:23:07 32512 byte 0 days old -- SchedLgU.Txt
29/05/2008 22:24:04 2048 byte 0 days old -- bootstat.dat
29/05/2008 22:24:19 50 byte 0 days old -- wiaservc.log
29/05/2008 22:24:20 159 byte 0 days old -- wiadebug.log
29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- Registration
29/05/2008 22:25:04 0 byte 0 days old -- 0.log
29/05/2008 22:28:45 32 byte 0 days old -- buff-out.r72
29/05/2008 23:05:03 1381167 byte 0 days old -- WindowsUpdate.log
29/05/2008 23:05:03 1212 byte 0 days old -- wmsetup.log
29/05/2008 23:06:15 (DIR) 0 byte 0 days old -- erdnt
29/05/2008 23:17:16 (DIR) 0 byte 0 days old -- Temp
29/05/2008 23:17:36 (DIR) 0 byte 0 days old -- Prefetch
29/05/2008 23:17:55 384 byte 0 days old -- jantje
29/05/2008 23:17:55 8304 byte 0 days old -- buff-in.ogf
29/05/2008 23:17:55 208 byte 0 days old -- buff-out.ogf
29/05/2008 23:17:55 32 byte 0 days old -- buff-in.r72
----- recent files in C:\WINDOWS\Downloaded Program Files\
----- recent files in C:\WINDOWS\system\
----- recent files in C:\WINDOWS\system32\
09/05/2008 23:35:04 16863864 byte 20 days old -- MRT.exe
10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- Restore
10/05/2008 15:00:33 1 byte 19 days old -- kr_done1de
22/05/2008 11:35:17 0 byte 7 days old -- clkcnt.txt
28/05/2008 11:45:55 (DIR) 0 byte 1 days old -- dllcache
28/05/2008 16:12:57 (DIR) 0 byte 1 days old -- config
28/05/2008 19:14:36 (DIR) 0 byte 1 days old -- FlashAX
28/05/2008 19:31:37 6508 byte 1 days old -- jupdate-1.6.0_06-b02.log
28/05/2008 19:45:17 3072 byte 1 days old -- CONFIG.NT
28/05/2008 19:58:03 (DIR) 0 byte 1 days old -- drivers
29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- CatRoot2
29/05/2008 22:26:12 2206 byte 0 days old -- wpa.dbl
----- recent files in C:\WINDOWS\system32\drivers\
05/05/2008 20:46:32 15864 byte 24 days old -- mbam.sys
05/05/2008 20:46:36 27048 byte 24 days old -- mbamcatchme.sys
28/05/2008 20:12:24 79424 byte 1 days old -- avipbb.sys
28/05/2008 23:19:07 (DIR) 0 byte 1 days old -- etc
----- recent files in C:\WINDOWS\temp\
----- recent files in C:\Program Files\
08/05/2008 14:41:33 (DIR) 0 byte 21 days old -- FileZilla FTP Client
09/05/2008 12:51:18 (DIR) 0 byte 20 days old -- Luxor 3
22/05/2008 10:18:57 (DIR) 0 byte 7 days old -- eMule
28/05/2008 12:25:53 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Fichiers communs
28/05/2008 19:31:37 (DIR) 0 byte 1 days old -- Java
28/05/2008 19:31:56 (DIR) 0 byte 1 days old -- Sun
28/05/2008 19:45:42 (DIR) 0 byte 1 days old -- Alwil Software
28/05/2008 19:58:02 (DIR) 0 byte 1 days old -- Avira
28/05/2008 20:18:39 (DIR) 0 byte 1 days old -- CCleaner
28/05/2008 20:21:52 (DIR) 0 byte 1 days old -- Yahoo!
29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Trend Micro
----- recent files in C:\Program Files\Fichiers communs\
28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Java
----- recent files in C:\Documents and Settings\Seb Elmon\Application Data\
02/05/2008 10:32:58 (DIR) 0 byte 27 days old -- Mozilla
07/05/2008 11:36:09 (DIR) 0 byte 22 days old -- Microsoft
08/05/2008 15:16:36 (DIR) 0 byte 21 days old -- FileZilla
11/05/2008 19:12:52 196 byte 18 days old -- G-Force Prefs (WindowsMediaPlayer).txt
22/05/2008 11:20:30 (DIR) 0 byte 7 days old -- uTorrent
28/05/2008 12:26:03 (DIR) 0 byte 1 days old -- Malwarebytes
----- recent files in C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\
29/05/2008 22:32:56 75460 byte 0 days old -- WCESLog.log
29/05/2008 23:17:26 25850 byte 0 days old -- WCESMgr.log
29/05/2008 23:17:26 16384 byte 0 days old -- ~DF3433.tmp
29/05/2008 23:17:26 76 byte 0 days old -- systemscan.ini
29/05/2008 23:17:26 (DIR) 0 byte 0 days old -- nsw29.tmp
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[run]
"ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
"ISUSPM Startup"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe\" -startup"
"GrooveMonitor"="\"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe\""
"ehTray"="C:\WINDOWS\ehome\ehtray.exe"
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon"
"avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"
[run\OptionalComponents]
@=""
[run\OptionalComponents\IMAIL]
@=""
[run\OptionalComponents\MAPI]
@=""
[run\OptionalComponents\MSFS]
@=""
-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\wcescomm.exe\""
-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
[Run]
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"=""
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
#### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
#### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"@="Sans fil"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"@="Folder Redirection"
"DllName"=expand:"fdeploy.dll"
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Quota du disque Microsoft"
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"@="Planificateur de paquets QoS"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
"@="Scripts"
"DllName"=expand:"gptext.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"="iedkcs32.dll"
"@="Internet Explorer Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Installation de logiciel"
"DllName"=expand:"appmgmts.dll"
[Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"@="Sécurité IP"
"DllName"=expand:"gptext.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\WgaLogon]
"DllName"=expand:"WgaLogon.dll"
[Winlogon\Notify\WgaLogon\Settings]
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SCLogon]
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
"BuildNumber"=dword:00000a28
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"
-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"
-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
[RunServices]
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
[RunServicesOnce]
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
#### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll"
[Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
#### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"
[Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
#### HKCR\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\InprocServer32 @="C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll"
-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""
-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
[MSConfig]
[MSConfig\services]
[MSConfig\startupfolder]
[MSConfig\startupreg]
[MSConfig\startupreg\94d4f9f9]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="asxpmbdj"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"
"inimapping"="0"
[MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"inimapping"="0"
[MSConfig\startupreg\SigmatelSysTrayApp]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="stsystra"
"hkey"="HKLM"
"command"="stsystra.exe"
"inimapping"="0"
[MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe\""
"inimapping"="0"
[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002
-----HKCU\Control Panel\Desktop\-----
[Desktop]
[Desktop\WindowMetrics]
-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
"DisplayName"="Pare-feu Windows / Partage de connexion Internet"
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:00002d27
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices]
[SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\WYSIWYG\Bin\Wyg.exe"="C:\Program Files\WYSIWYG\Bin\Wyg.exe:*:Enabled:WYG Application"
"C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe"="C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe:*:Enabled:grandMA 3D"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe:*:Enabled:Hog 3PC"
"C:\kav\kav7.0\english\setup.exe"="C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----
-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"
[Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""
-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----
[AU]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000001
"RestoreSafeModeStatus"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{C75D780B-5CD4-494E-AB96-5DA2A6677439}"
[SystemRestore\SnapshotCallbacks]
@=""
-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
"@="IE7 Uninstall Stub"
"ComponentID"="IEUDINIT"
"StubPath"="C:\WINDOWS\system32\ieudinit.exe"
[Installed Components\>{161C1725-D892-484A-9F8E-41B7C73BAA5F}]
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
"@="Personnalisation du navigateur"
"ComponentID"="BRANDING.CAB"
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"
[Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"@="Browser Customizations"
"ComponentiD"="BRANDING.CAB"
"StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\KB910393]
"@="KB910393"
"ComponentID"="KB910393"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall"
[Installed Components\Microsoft Base Smart Card Crypto Provider Package]
[Installed Components\WriteRegStr]
[Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
#### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"
[Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Program Files\Java\jre1.6.0_06\bin\regutils.dll"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
"@="Fichier Lisez-moi d'Internet Explorer"
"ComponentID"="IEREADME"
[Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
"@="IEEX"
"ComponentID"="IEEX"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Rendu VML (Vector Graphics Rendering)"
"ComponentID"="MSVML"
[Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
"@="Viewpoint Media Player"
"ComponentID"="Viewpoint"
[Installed Components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
"@="Microsoft .NET Framework 1.0 Hotfix (KB887998)"
"ComponentID"="NDPKB887998"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
#### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"
[Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
#### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Liaison de données Dynamic HTML pour Java"
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offline Browsing Pack"
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
"@="Media Center"
"ComponentID"="Media Center Shortcut"
"StubPath"=expand:"%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf"
[Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
"ComponentID"="S867460"
"@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Création avancée"
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"
[Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
"@="DirectShow"
"ComponentID"="activemovie"
[Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
"@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
[Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
"@="Internet Explorer Help"
"ComponentID"="HelpCont"
[Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
"@="Classes Java DirectAnimation"
"ComponentID"="DAJava"
[Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
"@="Microsoft Windows Script 5.7"
"ComponentID"="MSVBScript"
[Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
"KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
"@="Windows Messenger 4.7"
"ComponentID"="Messenger"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"
[Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
"(Default)"="Internet Connection Wizard"
"ComponentID"="ICW"
[Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
"@="Internet Explorer Setup Tools"
"ComponentID"="GenSetup"
[Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"@="Browsing Enhancements"
"ComponentID"="ExtraPack"
"KeyFileName"="C:\WINDOWS\system32\msieftp.dll"
[Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
#### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
"@="Microsoft Windows Media Player"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"
[Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
"@="MSN Site Access"
"ComponentID"="MSN_Auth"
[Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
"@="Web Folders"
"ComponentID"="WebFolders"
[Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"@="Carnet d'adresses 6"
"ComponentID"="WAB"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
"@="Mise à jour du Bureau Windows"
"ComponentID"="IE4Shell_NT"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"@="Internet Explorer"
"ComponentID"="BASEIE40_W2K"
"StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"
[Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
[Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"
[Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
"@="Fax"
"ComponentID"="Fax"
"StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser"
[Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
"ComponentID"="M928366"
"@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"
[Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
"@="Dynamic HTML Data Binding"
"ComponentID"="Tridata"
[Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
"@="Fax Provider"
"ComponentID"="Fax Provider"
"StubPath"="rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider"
[Installed Components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
[Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
"@="Microsoft .NET Framework 1.0 Hotfix (KB930494)"
"ComponentID"="NDPKB930494"
[Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
"@="Internet Explorer Core Fonts"
"ComponentID"="Fontcore"
[Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
"@="Planificateur de tâches"
"ComponentID"="MSTASK"
[Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
"ComponentID"="Windows Movie Maker v2.1"
[Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"@="Adobe Flash Player"
"ComponentID"="Flash"
[Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
"@="HTML Help"
"ComponentID"="HTMLHelp"
[Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
"@="Active Directory Service Interface"
"ComponentID"="ADSI"
[Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
"ComponentID"=".NETFramework"
"@=".NET Framework"
[Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
"@="Mise à jours cumulée de sécurité OE Avril 2003"
"ComponentID"="CUSTOM2"
[Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]
"@=".NET Framework"
"ComponentID"=".NETFramework"
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services
Result compared: Identical
-----Comparing registry keys CCS1 vs CCS3 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY 36000000000000000400000000000000D6A66648A9FE020133000000000000000400000000000000D6A6664800278D003B000000000000000400000000000000D6A6664800229B603A000000000000000400000000000000D6A666480013C68001000000000000000400000000000000D6A66648FFFFFF0035000000000000000100000000000000D6A6664805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY FC00000000000000000000000000000024113F4836000000000000000400000000000000E59D6648A9FE020133000000000000000400000000000000E59D664800278D003B000000000000000400000000000000E59D664800229B603A000000000000000400000000000000E59D66480013C68001000000000000000400000000000000E59D6648FFFFFF0035000000000000000100000000000000E59D664805000000
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11559 (0x2D27)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11553 (0x2D21)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters DhcpNameServer REG_SZ 212.27.54.252 212.27.53.252
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213390934 (0x4852E056)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213388645 (0x4852D765)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214362934 (0x4861B536)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214360645 (0x4861AC45)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295997 (0x13C67D)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295998 (0x13C67E)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213390934 (0x4852E056)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213388645 (0x4852D765)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214362934 (0x4861B536)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214360645 (0x4861AC45)
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6)
> Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5)
Result compared: Different
===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
C:\WINDOWS\Nircmd.exe --> is compressed with UPX
C:\WINDOWS\swreg.exe --> is compressed with UPX
C:\WINDOWS\swsc.exe --> is compressed with UPX
==========================================
Scan completed in 1,1 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work