Spyware infection

Solved
une fille paumée
Hello,
so, I think my computer is infected with spyware. I'm getting alerts telling me that my computer is infected, like this one:
http://img73.imageshack.us/img73/138/alertevirusfa4.png
Can you help me remove them, please?
Thanks for your reply

59 replies

une fille paumée
 
re
in safe mode everything goes fine, then it restarts and after that nothing happens any more; it restarts normally and SDFix doesn't start
0
Anonymous user

Re (again & again)

OK.

in safe mode everything goes fine, then it restarts and after that nothing happens any more; it restarts normally and SDFix doesn't start


SDFix must be run in safe mode, so I don't understand what you mean.


See you
0
une fille paumée
 
→ Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd (or Runthis.bat) to launch the script.
→ Press Y to start the cleaning process.
→ It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
→ Press a key to restart the PC.

up to this point everything worked fine

→ Your system will take longer than usual to restart, because the tool will keep running and deleting files.
→ Once the Desktop has loaded, the tool will finish its work and display Finished.

but at that point I never get the Finished message
0
Anonymous user

Re,

OK.

Go to C:\SDfix\Report.txt <- post the report.


See you
0

une fille paumée
 
thanks

SDFix: Version 1.194
Run by Administrateur on 18/06/2008 at 18:46

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Name:
cmdService
MsSecurity1.209.4
Network Monitor

Path:

cmdService - Deleted
MsSecurity1.209.4 - Deleted
Network Monitor - Deleted

Killing PID 804 'iftuyszv.exe'
Killing PID 760 'iftuyszv.exe'


Restoring Windows Registry Values
Restoring Windows Default Hosts File
0
Anonymous user

Re,

Indeed, it wasn't able to continue...


Can you post a new HijackThis report for me, please?


See you
0
une fille paumée
 
re
here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:08, on 18/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\portsv.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ErreurChasseur\ucookw.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\system32\mcntpkdn.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErreurChasseur] C:\Program Files\ErreurChasseur\SysRep.exe
O4 - HKLM\..\Run: [cwriter] C:\Program Files\ErreurChasseur\ucookw.exe
O4 - HKLM\..\Run: [{2dbb2698-8089-55ac-fd6b-0cf36e86a753}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll" DllStart
O4 - HKLM\..\Run: [f4a1cd61] rundll32.exe "C:\WINDOWS\system32\jjhdwrce.dll",b
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [BMf792fefd] Rundll32.exe "C:\WINDOWS\system32\yeehvfyy.dll",s
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntpkdn.exe DWram1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe" tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntpkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: VP-EYE.lnk = C:\VP-EYE\control\vpeyev4.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Anonymous user

Re,

let's keep this short :)

*************************************************************

/!\ Very powerful tool: do not reproduce the procedure below on your own PC unless a competent person has authorized you to /!\


_________________________________________________

1) Disable System Restore
Click "Start"
Right-click "My Computer", then click "Properties",
Go to the "System Restore" tab
Tick the "Turn off System Restore" box
Finish with [Apply] [OK]


_________________________________________________


2) Download ComboFix here → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save it to the desktop >>> /!\ IMPORTANT /!\

Look here if you want to get familiar with how to use it: https://www.google.fr/?gws_rd=ssl

BEFORE using ComboFix:
→ Disconnect your PC from the Internet and close the windows of all running programs. /!\
→ Temporarily disable (and only while ComboFix is in use) the real-time protection of your antivirus, your antispyware and ALL your protection software!!! (if left active, they could seriously interfere with the tool's search and cleaning procedure). /!\

3) On your desktop, double-click Combofix.exe.
Press the 1 key so that the program starts running, and follow the on-screen instructions.

/!\ FOR THE ENTIRE duration of the ComboFix scan (it can take quite a long time if the PC is heavily infected), do not open any program, do not touch your mouse and do not browse the web /!\

Be patient (even if you think the PC has stopped); the "apparent stops" sometimes last several minutes (there are ± 40 analysis stages).

During cleaning you may get a warning telling you that the PC is going to restart; let it do so.

After the PC restarts, a report will open in Notepad at the end of the analysis; copy and paste its entire contents into your next message.

(The report file Combofix.txt is then automatically saved to C:\Combofix.txt)


_________________________________________________

4) Then re-enable System Restore
Right-click "My Computer", then click "Properties",
Go to the "System Restore" tab
Untick the "Turn off System Restore" box
Finish with [Apply] [OK]


_________________________________________________

Tutorial (help):

http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


*************************************************************


See you
0
une fille paumée
 
re
sorry for the delay:

ComboFix 08-06-16.5 - utilisateur 2008-06-18 21:04:39.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.428 [GMT 2:00]
Endroit: D:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\network monitor
C:\Program Files\SpyMaxx
C:\Temp\1cb
C:\WINDOWS\444.470
C:\WINDOWS\BMf792fefd.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ecrwdhjj.ini
C:\WINDOWS\system32\efcATJAt.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jjhdwrce.dll
C:\WINDOWS\system32\mcntmadm.exe
C:\WINDOWS\system32\mcntpkdm.exe
C:\WINDOWS\system32\mcntpkdn.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlnTEfhk.ini
C:\WINDOWS\system32\mlnTEfhk.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\qhdbgoou.ini
C:\WINDOWS\system32\tcntaxdn.exe
C:\WINDOWS\system32\troqtuut.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\yeehvfyy.dll
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.

2008-06-18 17:45 . 2008-06-18 17:45 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-18 17:40 . 2008-06-18 18:49 <REP> d-------- C:\SDFix
2008-06-18 16:45 . 2004-08-17 02:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-18 16:45 . 2004-08-17 02:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-18 16:45 . 2005-09-03 06:51 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-06-18 16:45 . 2005-09-02 22:21 <REP> dr------- D:\Documents and Settings\Administrateur\Mes documents
2008-06-18 16:45 . 2005-09-03 06:51 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-18 16:45 . 2005-09-02 22:09 <REP> dr------- D:\Documents and Settings\Administrateur\Favoris
2008-06-18 16:45 . 2008-06-18 21:09 <REP> dr------- D:\Documents and Settings\Administrateur\Bureau
2008-06-18 16:45 . 2005-09-02 22:08 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-06-18 16:45 . 2005-09-02 22:11 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-18 16:45 . 2008-06-18 16:45 <REP> d-------- D:\Documents and Settings\Administrateur
2008-06-18 16:08 . 2008-06-18 19:32 <REP> d-------- C:\HijackThis
2008-06-18 13:26 . 2008-06-18 14:56 <REP> d-------- C:\Program Files\Navilog1
2008-06-18 09:31 . 2008-06-18 09:31 90,923 --a------ C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll-uninst.exe
2008-06-18 09:30 . 2008-06-18 18:07 <REP> d-------- C:\WINDOWS\system32\netrax18
2008-06-18 09:28 . 2008-06-18 09:28 49,188 --a------ C:\WINDOWS\system32\jownw64o.exe
2008-06-17 18:52 . 2008-06-17 18:52 401,972 --a------ C:\WINDOWS\system32\g4.exe
2008-06-17 18:52 . 2008-06-17 18:53 63,918 --a------ C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe
2008-06-17 17:07 . 2008-06-17 17:07 <REP> dr------- D:\Documents and Settings\All Users\Application Data\SalesMon
2008-06-17 17:07 . 2008-06-17 17:07 <REP> dr------- D:\Documents and Settings\All Users\Application Data\erreurchasseur
2008-06-17 17:07 . 2008-06-17 17:07 <REP> d-------- C:\Program Files\Fichiers communs\ErreurChasseur
2008-06-17 17:07 . 2008-06-17 17:07 <REP> d-------- C:\Program Files\ErreurChasseur
2008-06-17 17:06 . 2008-06-17 17:06 263,192 --a------ D:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
2008-06-17 16:45 . 2008-06-18 20:38 <REP> d-------- C:\WINDOWS\system32\2690
2008-06-17 15:42 . 2008-06-17 15:42 296,448 --a------ C:\WINDOWS\system32\khfETnlm.dll
2008-06-17 15:37 . 2008-06-17 15:37 <REP> dr------- D:\Documents and Settings\LocalService\Favoris
2008-06-17 15:37 . 2008-06-18 18:07 <REP> d-------- C:\WINDOWS\system32\netrax05
2008-06-17 15:37 . 2008-06-17 15:37 <REP> d-------- C:\WINDOWS\system32\MRI
2008-06-17 15:37 . 2008-06-17 15:37 <REP> d-------- C:\WINDOWS\system32\goc
2008-06-17 15:37 . 2008-06-17 15:37 <REP> d-------- C:\WINDOWS\system32\ert
2008-06-17 15:37 . 2008-06-18 18:07 <REP> d-------- C:\WINDOWS\dXRpbGlzYXRldXI
2008-06-17 15:37 . 2008-06-17 15:37 <REP> d-------- C:\Temp\itmp4
2008-06-17 15:37 . 2008-06-18 21:05 <REP> d-------- C:\Temp
2008-06-17 15:37 . 2008-06-17 15:37 52,224 ---hs---- D:\Documents and Settings\utilisateur\lsass.exe
2008-06-15 20:59 . 2008-06-15 20:59 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-06-15 20:59 . 2008-06-15 20:59 <REP> d-------- C:\Program Files\Adobe Media Player
2008-06-13 14:30 . 2008-06-18 09:39 <REP> d-------- C:\Program Files\eMule
2008-06-11 19:01 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:01 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 09:47 . 2008-06-07 09:47 444,416 --a------ C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll
2008-05-27 15:46 . 2008-05-27 15:46 371,200 --a------ C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:08 --------- d-----w D:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
2008-06-17 15:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 13:53 --------- d-----w C:\Program Files\Incomplete
2008-06-17 11:55 --------- d-----w D:\Documents and Settings\utilisateur\Application Data\LimeWire
2008-06-09 16:30 1,494 ----a-w D:\Documents and Settings\utilisateur\Application Data\filterclsid.dat
2008-05-17 20:04 --------- d-----w C:\Program Files\SopCast
2008-05-17 19:51 --------- d-----w C:\Program Files\TVAnts
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-05 09:24 61,808 ----a-w D:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-13 17:29 61,224 ----a-w D:\Documents and Settings\utilisateur\GoToAssistDownloadHelper.exe
2008-02-20 08:11 88 --sh--r C:\WINDOWS\system32\B93113129F.sys
2008-02-20 08:11 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6F882F-8680-4AD3-BFB2-1A4124955EA9}]
2008-06-17 15:42 296448 --a------ C:\WINDOWS\system32\khfETnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a457366b-23f1-06a2-c8cc-542111709178}]
2008-06-07 09:47 444416 --a------ C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca755283-fdea-eb48-77ff-5e088a2a8cc5}]
2008-05-27 15:46 371200 --a------ C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe" [2006-01-13 18:19 2293760]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 18:08 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 18:08 49152]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 19:29 45056]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 08:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 04:11 135251]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-02 22:14 180269]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15 61440]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-19 07:55 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"ErreurChasseur"="C:\Program Files\ErreurChasseur\SysRep.exe" [2008-05-22 18:12 1761792]
"cwriter"="C:\Program Files\ErreurChasseur\ucookw.exe" [2008-05-26 13:41 237056]
"{2dbb2698-8089-55ac-fd6b-0cf36e86a753}"="C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll" [2008-05-27 15:46 371200]
"SDFix"="C:\SDFix\RunThis.bat /second" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"MSACM.MI-SC4"= MI-SC4.acm

[HKLM\~\startupfolder\D:^Documents and Settings^utilisateur^Menu Démarrer^Programmes^Démarrage^SM.lnk]
path=D:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\SM.lnk
backup=C:\WINDOWS\pss\SM.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-06-29 19:09 17605160 C:\APPS\skype\phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\WebEye\\WebEye.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]
S3 mu05bus;Sagem Communication Mobile Platform MU2005 driver (WDM);C:\WINDOWS\system32\DRIVERS\mu05bus.sys [2005-08-01 22:42]
S3 mu05mdfl;Sagem Communication MU2005 CDC WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\mu05mdfl.sys [2005-08-01 22:44]
S3 mu05mdm;Sagem Communication MU2005 CDC WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\mu05mdm.sys [2005-08-01 22:44]
S3 mu05mgmt;Sagem Communication MU2005 CDC WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\mu05mgmt.sys [2005-08-01 22:45]
S3 mu05obex;Sagem Communication MU2005 CDC WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\mu05obex.sys [2005-08-01 22:46]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-30 12:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26c01128-2ced-11da-8fa1-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-17 16:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-18 17:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-09-24 11:24:10 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-06-18 18:22:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
0
Utilisateur anonyme
 
Re,

****************************************************

/!\ Procedure created specifically for this user; do not reproduce it on your own machine ... /!\

Open Notepad (Start\All Programs\Accessories\Notepad).

Copy this text (in bold) in one go (CTRL+C to copy), then paste it into Notepad (CTRL+V).

File::
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll-uninst.exe
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe
C:\WINDOWS\system32\jownw64o.exe
C:\WINDOWS\system32\g4.exe
D:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
C:\WINDOWS\system32\khfETnlm.dll
D:\Documents and Settings\utilisateur\lsass.exe
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll
C:\WINDOWS\system32\B93113129F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\portsv.exe

Folder::
C:\SDFix
C:\WINDOWS\system32\netrax18
C:\Program Files\Navilog1
D:\Documents and Settings\All Users\Application Data\SalesMon
D:\Documents and Settings\All Users\Application Data\erreurchasseur
C:\Program Files\Fichiers communs\ErreurChasseur
C:\Program Files\ErreurChasseur
C:\WINDOWS\system32\2690
C:\WINDOWS\system32\netrax05
C:\WINDOWS\system32\MRI
C:\WINDOWS\system32\goc
C:\WINDOWS\system32\ert
C:\WINDOWS\dXRpbGlzYXRldXI
C:\Temp\itmp4
C:\Temp \
C:\Program Files\Macrogaming

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6F882F-8680-4AD3-BFB2-1A4124955EA9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a457366b-23f1-06a2-c8cc-542111709178}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca755283-fdea-eb48-77ff-5e088a2a8cc5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ErreurChasseur"=-
"cwriter"=-
"{2dbb2698-8089-55ac-fd6b-0cf36e86a753}"=-
"SDFix"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

Driver::
PlugPlayRPC



Save this file to your desktop under the name CFScript.txt.



Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no restart, post the reports anyway.

****************************************************


A+
0
une fille paumée
 
Re,
do I need to disable the antivirus and everything again, or is that not necessary?
0
Utilisateur anonyme
 
Re,
Do it anyway.

Same usual precautions as for the scan.


a++
0
une fille paumée
 
Re,
here is the Combofix report:

ComboFix 08-06-16.5 - utilisateur 2008-06-18 22:43:27.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.412 [GMT 2:00]
Endroit: D:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\utilisateur\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-unin­st.exe
C:\WINDOWS\system32\B93113129F.sys
C:\WINDOWS\system32\g4.exe
C:\WINDOWS\system32\jownw64o.exe
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\khfETnlm.dll
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll-uninst.exe
D:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
D:\Documents and Settings\utilisateur\lsass.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ErreurChasseur
C:\Program Files\ErreurChasseur\atl71.dll
C:\Program Files\ErreurChasseur\kernel.dll
C:\Program Files\ErreurChasseur\License.rtf
C:\Program Files\ErreurChasseur\mfc71.dll
C:\Program Files\ErreurChasseur\msvcp71.dll
C:\Program Files\ErreurChasseur\msvcr71.dll
C:\Program Files\ErreurChasseur\Readme.rtf
C:\Program Files\ErreurChasseur\Res\Main.ico
C:\Program Files\ErreurChasseur\Res\RecycleBin.ico
C:\Program Files\ErreurChasseur\rm.url
C:\Program Files\ErreurChasseur\sr.log
C:\Program Files\ErreurChasseur\swupd.log
C:\Program Files\ErreurChasseur\SysRep.exe
C:\Program Files\ErreurChasseur\SysRep.exe.Log
C:\Program Files\ErreurChasseur\SysRep.exe.xml
C:\Program Files\ErreurChasseur\SysRep.url
C:\Program Files\ErreurChasseur\transpaid.exe
C:\Program Files\ErreurChasseur\ucookw.exe
C:\Program Files\ErreurChasseur\unins000.dat
C:\Program Files\ErreurChasseur\unins000.exe
C:\Program Files\ErreurChasseur\urls.ini
C:\Program Files\Fichiers communs\ErreurChasseur
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\marine4_du75@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\marine4_du75@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\afmugldcb.dat
C:\Program Files\Navilog1\Backupnavi\afmugldcb.exe
C:\Program Files\Navilog1\Backupnavi\afmugldcb_nav.dat
C:\Program Files\Navilog1\Backupnavi\afmugldcb_navps.dat
C:\Program Files\Navilog1\Backupnavi\aqqstk.exe
C:\Program Files\Navilog1\Backupnavi\bjtgjem.exe
C:\Program Files\Navilog1\Backupnavi\dfdsszlqx.exe
C:\Program Files\Navilog1\Backupnavi\dplpcew.exe
C:\Program Files\Navilog1\Backupnavi\drijhz.exe
C:\Program Files\Navilog1\Backupnavi\dtnmig.exe
C:\Program Files\Navilog1\Backupnavi\etegmzr.exe
C:\Program Files\Navilog1\Backupnavi\fbffipynf.exe
C:\Program Files\Navilog1\Backupnavi\fjocjnrpah.exe
C:\Program Files\Navilog1\Backupnavi\grcnmqgum.exe
C:\Program Files\Navilog1\Backupnavi\hdrmxel.exe
C:\Program Files\Navilog1\Backupnavi\hlwdfcnn.exe
C:\Program Files\Navilog1\Backupnavi\hqgddyx.exe
C:\Program Files\Navilog1\Backupnavi\iojrnzf.exe
C:\Program Files\Navilog1\Backupnavi\irpqwmdnh.exe
C:\Program Files\Navilog1\Backupnavi\iuxxbos.exe
C:\Program Files\Navilog1\Backupnavi\iuznncgiw.exe
C:\Program Files\Navilog1\Backupnavi\jaeptaisb.exe
C:\Program Files\Navilog1\Backupnavi\jdmvwa.exe
C:\Program Files\Navilog1\Backupnavi\khsfekiiq.exe
C:\Program Files\Navilog1\Backupnavi\kkopapsa.exe
C:\Program Files\Navilog1\Backupnavi\kuulcv.exe
C:\Program Files\Navilog1\Backupnavi\lcibtsmjh.exe
C:\Program Files\Navilog1\Backupnavi\lcrohg.exe
C:\Program Files\Navilog1\Backupnavi\lphalqo.exe
C:\Program Files\Navilog1\Backupnavi\lrducbjcev.exe
C:\Program Files\Navilog1\Backupnavi\mognpssn.exe
C:\Program Files\Navilog1\Backupnavi\mykrcax.exe
C:\Program Files\Navilog1\Backupnavi\ndbcqp.exe
C:\Program Files\Navilog1\Backupnavi\nhhcpwxks.exe
C:\Program Files\Navilog1\Backupnavi\nkrxgr.exe
C:\Program Files\Navilog1\Backupnavi\nleagiwus.exe
C:\Program Files\Navilog1\Backupnavi\odutyg.exe
C:\Program Files\Navilog1\Backupnavi\osfspw.exe
C:\Program Files\Navilog1\Backupnavi\ovkrpoxljw.exe
C:\Program Files\Navilog1\Backupnavi\qcwcsay.dat
C:\Program Files\Navilog1\Backupnavi\QCWCSAY.EXE-0BE6F2A8.pf
C:\Program Files\Navilog1\Backupnavi\qcwcsay.exe
C:\Program Files\Navilog1\Backupnavi\qcwcsay_nav.dat
C:\Program Files\Navilog1\Backupnavi\qcwcsay_navps.dat
C:\Program Files\Navilog1\Backupnavi\qcwcsay_navup.dat
C:\Program Files\Navilog1\Backupnavi\qxpqcds.exe
C:\Program Files\Navilog1\Backupnavi\qzsgqmotk.exe
C:\Program Files\Navilog1\Backupnavi\rdujei.exe
C:\Program Files\Navilog1\Backupnavi\rkotevlbn.exe
C:\Program Files\Navilog1\Backupnavi\sfcggm.exe
C:\Program Files\Navilog1\Backupnavi\sfzzrr.exe
C:\Program Files\Navilog1\Backupnavi\sgkdnwteob.exe
C:\Program Files\Navilog1\Backupnavi\sqatzte.exe
C:\Program Files\Navilog1\Backupnavi\tpdfqabedo.exe
C:\Program Files\Navilog1\Backupnavi\tsjhih.exe
C:\Program Files\Navilog1\Backupnavi\tssuprpwk.exe
C:\Program Files\Navilog1\Backupnavi\txtngfd.exe
C:\Program Files\Navilog1\Backupnavi\vkdejc.exe
C:\Program Files\Navilog1\Backupnavi\wzixcze.exe
C:\Program Files\Navilog1\Backupnavi\xakcpx.exe
C:\Program Files\Navilog1\Backupnavi\xrcugrtkkq.exe
C:\Program Files\Navilog1\Backupnavi\xvzfrahtqk.exe
C:\Program Files\Navilog1\Backupnavi\xyuvycm.exe
C:\Program Files\Navilog1\Backupnavi\yejklopzk.exe
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\navilog1.bat
C:\Program Files\Navilog1\navreb.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\Safebackup\backup_registry.dat
C:\Program Files\Navilog1\Safebackup\HKCU_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Arpcache.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Startupreg.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Uninstall.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\traite3.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\attrib.exe
C:\SDFix\backupreg\AppInit_DLLs.reg
C:\SDFix\backupreg\bat_shell_open.reg
C:\SDFix\backupreg\BHO.reg
C:\SDFix\backupreg\com_shell_open.reg
C:\SDFix\backupreg\ControlPanel_Load.reg
C:\SDFix\backupreg\Drivers32.reg
C:\SDFix\backupreg\exe_shell_open.reg
C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKCURun.reg
C:\SDFix\backupreg\HKCURunServices.reg
C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKLMRun.reg
C:\SDFix\backupreg\HKLMRunServices.reg
C:\SDFix\backupreg\hta_shell_open.reg
C:\SDFix\backupreg\IEDesktop.reg
C:\SDFix\backupreg\IEMain.reg
C:\SDFix\backupreg\Installed_Components.reg
C:\SDFix\backupreg\pif_shell_open.reg
C:\SDFix\backupreg\reg_shell_open.reg
C:\SDFix\backupreg\SecurityProviders.reg
C:\SDFix\backupreg\SharedTaskScheduler.reg
C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
C:\SDFix\backupreg\SubSystems.reg
C:\SDFix\backupreg\txt_shell_open.reg
C:\SDFix\backupreg\Winlogon.reg
C:\SDFix\backupreg\WinlogonNotify.reg
C:\SDFix\backups\msnav32.ax
C:\SDFix\backups\RepairRun09.reg
C:\SDFix\backups\rwwnw64d.exe
C:\SDFix\backups\zxdnt3d.cfg
C:\SDFix\backups_old\06.17.08_17_23_48.log
C:\SDFix\backups_old\06.17.08_17_29_13.log
C:\SDFix\backups_old\06.17.08_17_29_38.log
C:\SDFix\backups_old\accesss.exe
C:\SDFix\backups_old\asappsrv.dll
C:\SDFix\backups_old\astctl32.ocx
C:\SDFix\backups_old\atmtd.dll
C:\SDFix\backups_old\atmtd.dll._
C:\SDFix\backups_old\avpcc.dll
C:\SDFix\backups_old\clrssn.exe
C:\SDFix\backups_old\command.exe
C:\SDFix\backups_old\config.dat
C:\SDFix\backups_old\cpan.dll
C:\SDFix\backups_old\ctfmon32.exe
C:\SDFix\backups_old\ctrlpan.dll
C:\SDFix\backups_old\default.htm
C:\SDFix\backups_old\directx32.exe
C:\SDFix\backups_old\dnsrelay.dll
C:\SDFix\backups_old\editpad.exe
C:\SDFix\backups_old\explore.exe
C:\SDFix\backups_old\explorer32.exe
C:\SDFix\backups_old\filesbase.bin
C:\SDFix\backups_old\funniest.exe
C:\SDFix\backups_old\funny.exe
C:\SDFix\backups_old\gfmnaaa.dll
C:\SDFix\backups_old\global_virus_table.bin
C:\SDFix\backups_old\helpcvs.exe
C:\SDFix\backups_old\hljwugsf.bin
C:\SDFix\backups_old\iedll.exe
C:\SDFix\backups_old\iexplorer.exe
C:\SDFix\backups_old\iftuyszv.exe
C:\SDFix\backups_old\ignoredomainsbase.bin
C:\SDFix\backups_old\ignorefilesbase.bin
C:\SDFix\backups_old\ignoreregsbase.bin
C:\SDFix\backups_old\inetinf.exe
C:\SDFix\backups_old\internet.exe
C:\SDFix\backups_old\loader.exe
C:\SDFix\backups_old\mdReg.dll
C:\SDFix\backups_old\megavid.cdt
C:\SDFix\backups_old\mrofinu1000106.exe
C:\SDFix\backups_old\msconfd.dll
C:\SDFix\backups_old\msnav32.ax
C:\SDFix\backups_old\msspi.dll
C:\SDFix\backups_old\mssys.exe
C:\SDFix\backups_old\msupdate.exe
C:\SDFix\backups_old\mswsc10.dll
C:\SDFix\backups_old\mswsc20.dll
C:\SDFix\backups_old\mtwirl32.dll
C:\SDFix\backups_old\muotr.so
C:\SDFix\backups_old\netmon.exe
C:\SDFix\backups_old\netrax051080.exe
C:\SDFix\backups_old\netrax182328.exe
C:\SDFix\backups_old\notepad32.exe
C:\SDFix\backups_old\olehelp.exe
C:\SDFix\backups_old\pac.txt
C:\SDFix\backups_old\parser.exe
C:\SDFix\backups_old\qttasks.exe
C:\SDFix\backups_old\quicken.exe
C:\SDFix\backups_old\regbase.bin
C:\SDFix\backups_old\RepairVundo.reg
C:\SDFix\backups_old\rundll16.exe
C:\SDFix\backups_old\rundll32.vbe
C:\SDFix\backups_old\rwwnw64d.exe
C:\SDFix\backups_old\searchword.dll
C:\SDFix\backups_old\sistem.exe
C:\SDFix\backups_old\sm_ie_monitor.dll
C:\SDFix\backups_old\SpyMaxx.exe
C:\SDFix\backups_old\SpyMaxx.exe.MANIFEST
C:\SDFix\backups_old\stat.bin
C:\SDFix\backups_old\svchost32.exe
C:\SDFix\backups_old\svcinit.exe
C:\SDFix\backups_old\syscheck.log
C:\SDFix\backups_old\systeem.exe
C:\SDFix\backups_old\systemcritical.exe
C:\SDFix\backups_old\time.exe
C:\SDFix\backups_old\uninstall.exe
C:\SDFix\backups_old\uninstall.log
C:\SDFix\backups_old\uninstall_nmon.vbs
C:\SDFix\backups_old\urlbase.bin
C:\SDFix\backups_old\urqOFxYs.dll
C:\SDFix\backups_old\users32.exe
C:\SDFix\backups_old\waol.exe
C:\SDFix\backups_old\win32e.exe
C:\SDFix\backups_old\win64.exe
C:\SDFix\backups_old\winajbm.dll
C:\SDFix\backups_old\window.exe
C:\SDFix\backups_old\winmgnt.exe
C:\SDFix\backups_old\x.exe
C:\SDFix\backups_old\xplugin.dll
C:\SDFix\backups_old\xrlDv35Wsrl5xrK.vbs
C:\SDFix\backups_old\xxxvideo.hta
C:\SDFix\backups_old\y.exe
C:\SDFix\backups_old\zxdnt3d.cfg
C:\SDFix\backups_old1\RepairVundo.reg
C:\SDFix\bpTEST1.TXT
C:\SDFix\bpTEST3.TXT
C:\SDFix\catchme.exe
C:\SDFix\delavi0.txt
C:\SDFix\delzip0.txt
C:\SDFix\dest.txt
C:\SDFix\dummy.exe
C:\SDFix\dummy.sys
C:\SDFix\FileList1.txt
C:\SDFix\find.exe
C:\SDFix\Find.txt
C:\SDFix\FindAdbandrun1.txt
C:\SDFix\FindAdbandrun2.txt
C:\SDFix\FindAdbandrun3.txt
C:\SDFix\FindAdbandrun3a.txt
C:\SDFix\FindAdbandrun4.txt
C:\SDFix\FindAdbandrun4a.txt
C:\SDFix\FindAdbandrun5.txt
C:\SDFix\Findbhos1.txt
C:\SDFix\Findkrakenrun.txt
C:\SDFix\Findroguerun1.txt
C:\SDFix\Findrun.txt
C:\SDFix\Findrun002.txt
C:\SDFix\Findrun002a.txt
C:\SDFix\Findrun2.txt
C:\SDFix\Findrun3.txt
C:\SDFix\Findrun30.txt
C:\SDFix\Findrun30b.txt
C:\SDFix\Findrun31.txt
C:\SDFix\Findrun32.txt
C:\SDFix\findstr.exe
C:\SDFix\Findzip.txt
C:\SDFix\Foundsvc.txt
C:\SDFix\HOSTS
C:\SDFix\kill.txt
C:\SDFix\ndloc.txt
C:\SDFix\Patched2.txt
C:\SDFix\regedit.exe
C:\SDFix\RepairRun09.reg
C:\SDFix\RepairVundo1.reg
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\userinfix.reg
C:\SDFix\W2K_CodecRepair.inf
C:\SDFix\XP_CodecRepair.inf
C:\Temp\itmp4
C:\Temp\itmp4\mkbv4i.log
C:\WINDOWS\BMf792fefd.xml
C:\WINDOWS\dXRpbGlzYXRldXI
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll
C:\WINDOWS\system32\2690
C:\WINDOWS\system32\B93113129F.sys
C:\WINDOWS\system32\eftaxcis.dll
C:\WINDOWS\system32\ert
C:\WINDOWS\system32\ert\dinacomDE.exe
C:\WINDOWS\system32\g4.exe
C:\WINDOWS\system32\goc
C:\WINDOWS\system32\goc\vbashcom3.exe
C:\WINDOWS\system32\jownw64o.exe
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\khfETnlm.dll
C:\WINDOWS\system32\mlnTEfhk.ini
C:\WINDOWS\system32\mlnTEfhk.ini2
C:\WINDOWS\system32\MRI
C:\WINDOWS\system32\MRI\btuxderr.exe
C:\WINDOWS\system32\netrax05
C:\WINDOWS\system32\netrax18
C:\WINDOWS\system32\rdonwyiv.dll
C:\WINDOWS\system32\thacgbim.dll
C:\WINDOWS\system32\viywnodr.ini
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll-uninst.exe
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll
D:\Documents and Settings\All Users\Application Data\erreurchasseur
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\ac
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\ActivationDomain
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\em
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\ErreurChasseur.exe.cer
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\oid
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\save2.db
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\user
D:\Documents and Settings\All Users\Application Data\SalesMon
D:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
D:\Documents and Settings\utilisateur\lsass.exe
.
---- Previous Run -------
.
C:\Program Files\network monitor
C:\Program Files\SpyMaxx
C:\Temp\1cb
C:\WINDOWS\444.470
C:\WINDOWS\BMf792fefd.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ecrwdhjj.ini
C:\WINDOWS\system32\efcATJAt.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jjhdwrce.dll
C:\WINDOWS\system32\mcntmadm.exe
C:\WINDOWS\system32\mcntpkdm.exe
C:\WINDOWS\system32\mcntpkdn.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlnTEfhk.ini
C:\WINDOWS\system32\mlnTEfhk.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\qhdbgoou.ini
C:\WINDOWS\system32\tcntaxdn.exe
C:\WINDOWS\system32\troqtuut.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\yeehvfyy.dll
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((((((( Fichiers créés 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))))))))
.

2008-06-18 17:45 . 2008-06-18 17:45 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-18 16:45 . 2004-08-17 02:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-18 16:45 . 2004-08-17 02:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-18 16:45 . 2005-09-03 06:51 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-06-18 16:45 . 2005-09-02 22:21 <REP> dr------- D:\Documents and Settings\Administrateur\Mes documents
2008-06-18 16:45 . 2005-09-03 06:51 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-18 16:45 . 2005-09-02 22:09 <REP> dr------- D:\Documents and Settings\Administrateur\Favoris
2008-06-18 16:45 . 2008-06-18 21:09 <REP> dr------- D:\Documents and Settings\Administrateur\Bureau
2008-06-18 16:45 . 2005-09-02 22:08 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-06-18 16:45 . 2005-09-02 22:11 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-18 16:45 . 2008-06-18 16:45 <REP> d-------- D:\Documents and Settings\Administrateur
2008-06-18 16:08 . 2008-06-18 19:32 <REP> d-------- C:\HijackThis
2008-06-17 18:52 . 2008-06-17 18:53 63,918 --a------ C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe
2008-06-17 15:37 . 2008-06-17 15:37 <REP> dr------- D:\Documents and Settings\LocalService\Favoris
2008-06-17 15:37 . 2008-06-18 22:45 <REP> d-------- C:\Temp
2008-06-15 20:59 . 2008-06-15 20:59 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-06-15 20:59 . 2008-06-15 20:59 <REP> d-------- C:\Program Files\Adobe Media Player
2008-06-13 14:30 . 2008-06-18 09:39 <REP> d-------- C:\Program Files\eMule
2008-06-11 19:01 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:01 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:14 --------- d-----w D:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
2008-06-17 15:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 13:53 --------- d-----w C:\Program Files\Incomplete
2008-06-17 11:55 --------- d-----w D:\Documents and Settings\utilisateur\Application Data\LimeWire
2008-06-09 16:30 1,494 ----a-w D:\Documents and Settings\utilisateur\Application Data\filterclsid.dat
2008-05-17 20:04 --------- d-----w C:\Program Files\SopCast
2008-05-17 19:51 --------- d-----w C:\Program Files\TVAnts
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-05 09:24 61,808 ----a-w D:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-13 17:29 61,224 ----a-w D:\Documents and Settings\utilisateur\GoToAssistDownloadHelper.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_21.17.21.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 19:09:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 20:47:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe" [2006-01-13 18:19 2293760]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 18:08 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 18:08 49152]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 19:29 45056]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 08:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 04:11 135251]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-02 22:14 180269]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15 61440]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-19 07:55 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"MSACM.MI-SC4"= MI-SC4.acm

[HKLM\~\startupfolder\D:^Documents and Settings^utilisateur^Menu Démarrer^Programmes^Démarrage^SM.lnk]
path=D:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\SM.lnk
backup=C:\WINDOWS\pss\SM.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-06-29 19:09 17605160 C:\APPS\skype\phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\WebEye\\WebEye.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]
S3 mu05bus;Sagem Communication Mobile Platform MU2005 driver (WDM);C:\WINDOWS\system32\DRIVERS\mu05bus.sys [2005-08-01 22:42]
S3 mu05mdfl;Sagem Communication MU2005 CDC WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\mu05mdfl.sys [2005-08-01 22:44]
S3 mu05mdm;Sagem Communication MU2005 CDC WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\mu05mdm.sys [2005-08-01 22:44]
S3 mu05mgmt;Sagem Communication MU2005 CDC WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\mu05mgmt.sys [2005-08-01 22:45]
S3 mu05obex;Sagem Communication MU2005 CDC WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\mu05obex.sys [2005-08-01 22:46]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-30 12:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26c01128-2ced-11da-8fa1-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-17 16:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-18 17:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-09-24 11:24:10 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-06-18 20:22:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"






Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04, on 2008-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe" tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\mcntpkdn.exe.vir
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: VP-EYE.lnk = C:\VP-EYE\control\vpeyev4.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Utilisateur anonyme
 
Re,
I'll be back tomorrow morning

See you later
0
une fille paumée
 
Have a good evening!!!! And thank you very much
0
Utilisateur anonyme
 
Re!

Run the CFScript again, with all the usual precautions, using:


File::
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe

Driver::
Legacy_PlugPlayRPC
Service_PlugPlayRPC




Post the report

See you later
0
une fille paumée
 
Hello,
the Notepad file, do I rename it CFScript.txt?
0
Utilisateur anonyme
 
Absolutely
0
une fille paumée
 
Re
here is the report:

ComboFix 08-06-16.5 - utilisateur 2008-06-19 11:01:38.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.519 [GMT 2:00]
Endroit: D:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\utilisateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
D:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
.
---- Previous Run -------
.
C:\Program Files\ErreurChasseur
C:\Program Files\ErreurChasseur\atl71.dll
C:\Program Files\ErreurChasseur\kernel.dll
C:\Program Files\ErreurChasseur\License.rtf
C:\Program Files\ErreurChasseur\mfc71.dll
C:\Program Files\ErreurChasseur\msvcp71.dll
C:\Program Files\ErreurChasseur\msvcr71.dll
C:\Program Files\ErreurChasseur\Readme.rtf
C:\Program Files\ErreurChasseur\Res\Main.ico
C:\Program Files\ErreurChasseur\Res\RecycleBin.ico
C:\Program Files\ErreurChasseur\rm.url
C:\Program Files\ErreurChasseur\sr.log
C:\Program Files\ErreurChasseur\swupd.log
C:\Program Files\ErreurChasseur\SysRep.exe
C:\Program Files\ErreurChasseur\SysRep.exe.Log
C:\Program Files\ErreurChasseur\SysRep.exe.xml
C:\Program Files\ErreurChasseur\SysRep.url
C:\Program Files\ErreurChasseur\transpaid.exe
C:\Program Files\ErreurChasseur\ucookw.exe
C:\Program Files\ErreurChasseur\unins000.dat
C:\Program Files\ErreurChasseur\unins000.exe
C:\Program Files\ErreurChasseur\urls.ini
C:\Program Files\Fichiers communs\ErreurChasseur
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\marine4_du75@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\marine4_du75@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\afmugldcb.dat
C:\Program Files\Navilog1\Backupnavi\afmugldcb.exe
C:\Program Files\Navilog1\Backupnavi\afmugldcb_nav.dat
C:\Program Files\Navilog1\Backupnavi\afmugldcb_navps.dat
C:\Program Files\Navilog1\Backupnavi\aqqstk.exe
C:\Program Files\Navilog1\Backupnavi\bjtgjem.exe
C:\Program Files\Navilog1\Backupnavi\dfdsszlqx.exe
C:\Program Files\Navilog1\Backupnavi\dplpcew.exe
C:\Program Files\Navilog1\Backupnavi\drijhz.exe
C:\Program Files\Navilog1\Backupnavi\dtnmig.exe
C:\Program Files\Navilog1\Backupnavi\etegmzr.exe
C:\Program Files\Navilog1\Backupnavi\fbffipynf.exe
C:\Program Files\Navilog1\Backupnavi\fjocjnrpah.exe
C:\Program Files\Navilog1\Backupnavi\grcnmqgum.exe
C:\Program Files\Navilog1\Backupnavi\hdrmxel.exe
C:\Program Files\Navilog1\Backupnavi\hlwdfcnn.exe
C:\Program Files\Navilog1\Backupnavi\hqgddyx.exe
C:\Program Files\Navilog1\Backupnavi\iojrnzf.exe
C:\Program Files\Navilog1\Backupnavi\irpqwmdnh.exe
C:\Program Files\Navilog1\Backupnavi\iuxxbos.exe
C:\Program Files\Navilog1\Backupnavi\iuznncgiw.exe
C:\Program Files\Navilog1\Backupnavi\jaeptaisb.exe
C:\Program Files\Navilog1\Backupnavi\jdmvwa.exe
C:\Program Files\Navilog1\Backupnavi\khsfekiiq.exe
C:\Program Files\Navilog1\Backupnavi\kkopapsa.exe
C:\Program Files\Navilog1\Backupnavi\kuulcv.exe
C:\Program Files\Navilog1\Backupnavi\lcibtsmjh.exe
C:\Program Files\Navilog1\Backupnavi\lcrohg.exe
C:\Program Files\Navilog1\Backupnavi\lphalqo.exe
C:\Program Files\Navilog1\Backupnavi\lrducbjcev.exe
C:\Program Files\Navilog1\Backupnavi\mognpssn.exe
C:\Program Files\Navilog1\Backupnavi\mykrcax.exe
C:\Program Files\Navilog1\Backupnavi\ndbcqp.exe
C:\Program Files\Navilog1\Backupnavi\nhhcpwxks.exe
C:\Program Files\Navilog1\Backupnavi\nkrxgr.exe
C:\Program Files\Navilog1\Backupnavi\nleagiwus.exe
C:\Program Files\Navilog1\Backupnavi\odutyg.exe
C:\Program Files\Navilog1\Backupnavi\osfspw.exe
C:\Program Files\Navilog1\Backupnavi\ovkrpoxljw.exe
C:\Program Files\Navilog1\Backupnavi\qcwcsay.dat
C:\Program Files\Navilog1\Backupnavi\QCWCSAY.EXE-0BE6F2A8.pf
C:\Program Files\Navilog1\Backupnavi\qcwcsay.exe
C:\Program Files\Navilog1\Backupnavi\qcwcsay_nav.dat
C:\Program Files\Navilog1\Backupnavi\qcwcsay_navps.dat
C:\Program Files\Navilog1\Backupnavi\qcwcsay_navup.dat
C:\Program Files\Navilog1\Backupnavi\qxpqcds.exe
C:\Program Files\Navilog1\Backupnavi\qzsgqmotk.exe
C:\Program Files\Navilog1\Backupnavi\rdujei.exe
C:\Program Files\Navilog1\Backupnavi\rkotevlbn.exe
C:\Program Files\Navilog1\Backupnavi\sfcggm.exe
C:\Program Files\Navilog1\Backupnavi\sfzzrr.exe
C:\Program Files\Navilog1\Backupnavi\sgkdnwteob.exe
C:\Program Files\Navilog1\Backupnavi\sqatzte.exe
C:\Program Files\Navilog1\Backupnavi\tpdfqabedo.exe
C:\Program Files\Navilog1\Backupnavi\tsjhih.exe
C:\Program Files\Navilog1\Backupnavi\tssuprpwk.exe
C:\Program Files\Navilog1\Backupnavi\txtngfd.exe
C:\Program Files\Navilog1\Backupnavi\vkdejc.exe
C:\Program Files\Navilog1\Backupnavi\wzixcze.exe
C:\Program Files\Navilog1\Backupnavi\xakcpx.exe
C:\Program Files\Navilog1\Backupnavi\xrcugrtkkq.exe
C:\Program Files\Navilog1\Backupnavi\xvzfrahtqk.exe
C:\Program Files\Navilog1\Backupnavi\xyuvycm.exe
C:\Program Files\Navilog1\Backupnavi\yejklopzk.exe
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\navilog1.bat
C:\Program Files\Navilog1\navreb.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\Safebackup\backup_registry.dat
C:\Program Files\Navilog1\Safebackup\HKCU_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Arpcache.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Startupreg.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Uninstall.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\traite3.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\Program Files\network monitor
C:\Program Files\SpyMaxx
C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\attrib.exe
C:\SDFix\backupreg\AppInit_DLLs.reg
C:\SDFix\backupreg\bat_shell_open.reg
C:\SDFix\backupreg\BHO.reg
C:\SDFix\backupreg\com_shell_open.reg
C:\SDFix\backupreg\ControlPanel_Load.reg
C:\SDFix\backupreg\Drivers32.reg
C:\SDFix\backupreg\exe_shell_open.reg
C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKCURun.reg
C:\SDFix\backupreg\HKCURunServices.reg
C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKLMRun.reg
C:\SDFix\backupreg\HKLMRunServices.reg
C:\SDFix\backupreg\hta_shell_open.reg
C:\SDFix\backupreg\IEDesktop.reg
C:\SDFix\backupreg\IEMain.reg
C:\SDFix\backupreg\Installed_Components.reg
C:\SDFix\backupreg\pif_shell_open.reg
C:\SDFix\backupreg\reg_shell_open.reg
C:\SDFix\backupreg\SecurityProviders.reg
C:\SDFix\backupreg\SharedTaskScheduler.reg
C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
C:\SDFix\backupreg\SubSystems.reg
C:\SDFix\backupreg\txt_shell_open.reg
C:\SDFix\backupreg\Winlogon.reg
C:\SDFix\backupreg\WinlogonNotify.reg
C:\SDFix\backups\msnav32.ax
C:\SDFix\backups\RepairRun09.reg
C:\SDFix\backups\rwwnw64d.exe
C:\SDFix\backups\zxdnt3d.cfg
C:\SDFix\backups_old\06.17.08_17_23_48.log
C:\SDFix\backups_old\06.17.08_17_29_13.log
C:\SDFix\backups_old\06.17.08_17_29_38.log
C:\SDFix\backups_old\accesss.exe
C:\SDFix\backups_old\asappsrv.dll
C:\SDFix\backups_old\astctl32.ocx
C:\SDFix\backups_old\atmtd.dll
C:\SDFix\backups_old\atmtd.dll._
C:\SDFix\backups_old\avpcc.dll
C:\SDFix\backups_old\clrssn.exe
C:\SDFix\backups_old\command.exe
C:\SDFix\backups_old\config.dat
C:\SDFix\backups_old\cpan.dll
C:\SDFix\backups_old\ctfmon32.exe
C:\SDFix\backups_old\ctrlpan.dll
C:\SDFix\backups_old\default.htm
C:\SDFix\backups_old\directx32.exe
C:\SDFix\backups_old\dnsrelay.dll
C:\SDFix\backups_old\editpad.exe
C:\SDFix\backups_old\explore.exe
C:\SDFix\backups_old\explorer32.exe
C:\SDFix\backups_old\filesbase.bin
C:\SDFix\backups_old\funniest.exe
C:\SDFix\backups_old\funny.exe
C:\SDFix\backups_old\gfmnaaa.dll
C:\SDFix\backups_old\global_virus_table.bin
C:\SDFix\backups_old\helpcvs.exe
C:\SDFix\backups_old\hljwugsf.bin
C:\SDFix\backups_old\iedll.exe
C:\SDFix\backups_old\iexplorer.exe
C:\SDFix\backups_old\iftuyszv.exe
C:\SDFix\backups_old\ignoredomainsbase.bin
C:\SDFix\backups_old\ignorefilesbase.bin
C:\SDFix\backups_old\ignoreregsbase.bin
C:\SDFix\backups_old\inetinf.exe
C:\SDFix\backups_old\internet.exe
C:\SDFix\backups_old\loader.exe
C:\SDFix\backups_old\mdReg.dll
C:\SDFix\backups_old\megavid.cdt
C:\SDFix\backups_old\mrofinu1000106.exe
C:\SDFix\backups_old\msconfd.dll
C:\SDFix\backups_old\msnav32.ax
C:\SDFix\backups_old\msspi.dll
C:\SDFix\backups_old\mssys.exe
C:\SDFix\backups_old\msupdate.exe
C:\SDFix\backups_old\mswsc10.dll
C:\SDFix\backups_old\mswsc20.dll
C:\SDFix\backups_old\mtwirl32.dll
C:\SDFix\backups_old\muotr.so
C:\SDFix\backups_old\netmon.exe
C:\SDFix\backups_old\netrax051080.exe
C:\SDFix\backups_old\netrax182328.exe
C:\SDFix\backups_old\notepad32.exe
C:\SDFix\backups_old\olehelp.exe
C:\SDFix\backups_old\pac.txt
C:\SDFix\backups_old\parser.exe
C:\SDFix\backups_old\qttasks.exe
C:\SDFix\backups_old\quicken.exe
C:\SDFix\backups_old\regbase.bin
C:\SDFix\backups_old\RepairVundo.reg
C:\SDFix\backups_old\rundll16.exe
C:\SDFix\backups_old\rundll32.vbe
C:\SDFix\backups_old\rwwnw64d.exe
C:\SDFix\backups_old\searchword.dll
C:\SDFix\backups_old\sistem.exe
C:\SDFix\backups_old\sm_ie_monitor.dll
C:\SDFix\backups_old\SpyMaxx.exe
C:\SDFix\backups_old\SpyMaxx.exe.MANIFEST
C:\SDFix\backups_old\stat.bin
C:\SDFix\backups_old\svchost32.exe
C:\SDFix\backups_old\svcinit.exe
C:\SDFix\backups_old\syscheck.log
C:\SDFix\backups_old\systeem.exe
C:\SDFix\backups_old\systemcritical.exe
C:\SDFix\backups_old\time.exe
C:\SDFix\backups_old\uninstall.exe
C:\SDFix\backups_old\uninstall.log
C:\SDFix\backups_old\uninstall_nmon.vbs
C:\SDFix\backups_old\urlbase.bin
C:\SDFix\backups_old\urqOFxYs.dll
C:\SDFix\backups_old\users32.exe
C:\SDFix\backups_old\waol.exe
C:\SDFix\backups_old\win32e.exe
C:\SDFix\backups_old\win64.exe
C:\SDFix\backups_old\winajbm.dll
C:\SDFix\backups_old\window.exe
C:\SDFix\backups_old\winmgnt.exe
C:\SDFix\backups_old\x.exe
C:\SDFix\backups_old\xplugin.dll
C:\SDFix\backups_old\xrlDv35Wsrl5xrK.vbs
C:\SDFix\backups_old\xxxvideo.hta
C:\SDFix\backups_old\y.exe
C:\SDFix\backups_old\zxdnt3d.cfg
C:\SDFix\backups_old1\RepairVundo.reg
C:\SDFix\bpTEST1.TXT
C:\SDFix\bpTEST3.TXT
C:\SDFix\catchme.exe
C:\SDFix\delavi0.txt
C:\SDFix\delzip0.txt
C:\SDFix\dest.txt
C:\SDFix\dummy.exe
C:\SDFix\dummy.sys
C:\SDFix\FileList1.txt
C:\SDFix\find.exe
C:\SDFix\Find.txt
C:\SDFix\FindAdbandrun1.txt
C:\SDFix\FindAdbandrun2.txt
C:\SDFix\FindAdbandrun3.txt
C:\SDFix\FindAdbandrun3a.txt
C:\SDFix\FindAdbandrun4.txt
C:\SDFix\FindAdbandrun4a.txt
C:\SDFix\FindAdbandrun5.txt
C:\SDFix\Findbhos1.txt
C:\SDFix\Findkrakenrun.txt
C:\SDFix\Findroguerun1.txt
C:\SDFix\Findrun.txt
C:\SDFix\Findrun002.txt
C:\SDFix\Findrun002a.txt
C:\SDFix\Findrun2.txt
C:\SDFix\Findrun3.txt
C:\SDFix\Findrun30.txt
C:\SDFix\Findrun30b.txt
C:\SDFix\Findrun31.txt
C:\SDFix\Findrun32.txt
C:\SDFix\findstr.exe
C:\SDFix\Findzip.txt
C:\SDFix\Foundsvc.txt
C:\SDFix\HOSTS
C:\SDFix\kill.txt
C:\SDFix\ndloc.txt
C:\SDFix\Patched2.txt
C:\SDFix\regedit.exe
C:\SDFix\RepairRun09.reg
C:\SDFix\RepairVundo1.reg
C:\SDFix\Report.txt
C:\SDFix\Report_old_1.txt
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\userinfix.reg
C:\SDFix\W2K_CodecRepair.inf
C:\SDFix\XP_CodecRepair.inf
C:\Temp\1cb
C:\Temp\itmp4
C:\Temp\itmp4\mkbv4i.log
C:\WINDOWS\444.470
C:\WINDOWS\BMf792fefd.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\dXRpbGlzYXRldXI
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\portsv.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll
C:\WINDOWS\system32\2690
C:\WINDOWS\system32\B93113129F.sys
C:\WINDOWS\system32\ecrwdhjj.ini
C:\WINDOWS\system32\efcATJAt.dll
C:\WINDOWS\system32\eftaxcis.dll
C:\WINDOWS\system32\ert
C:\WINDOWS\system32\ert\dinacomDE.exe
C:\WINDOWS\system32\g4.exe
C:\WINDOWS\system32\goc
C:\WINDOWS\system32\goc\vbashcom3.exe
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\jjhdwrce.dll
C:\WINDOWS\system32\jownw64o.exe
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\khfETnlm.dll
C:\WINDOWS\system32\mcntmadm.exe
C:\WINDOWS\system32\mcntpkdm.exe
C:\WINDOWS\system32\mcntpkdn.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlnTEfhk.ini
C:\WINDOWS\system32\mlnTEfhk.ini2
C:\WINDOWS\system32\MRI
C:\WINDOWS\system32\MRI\btuxderr.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\netrax05
C:\WINDOWS\system32\netrax18
C:\WINDOWS\system32\qhdbgoou.ini
C:\WINDOWS\system32\rdonwyiv.dll
C:\WINDOWS\system32\tcntaxdn.exe
C:\WINDOWS\system32\thacgbim.dll
C:\WINDOWS\system32\troqtuut.dll
C:\WINDOWS\system32\viywnodr.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll-uninst.exe
C:\WINDOWS\system32\xeogxsjcbyocwdbc.dll
C:\WINDOWS\system32\yeehvfyy.dll
C:\WINDOWS\system32\zxdnt3d.cfg
D:\Documents and Settings\All Users\Application Data\erreurchasseur
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\ac
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\ActivationDomain
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\em
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\ErreurChasseur.exe.cer
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\oid
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\save2.db
D:\Documents and Settings\All Users\Application Data\erreurchasseur\Data\user
D:\Documents and Settings\All Users\Application Data\SalesMon
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
D:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
D:\Documents and Settings\utilisateur\lsass.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((((((( Fichiers créés 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))
.

2008-06-18 17:45 . 2008-06-18 17:45 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-18 16:45 . 2004-08-17 02:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-18 16:45 . 2004-08-17 02:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-18 16:45 . 2005-09-03 06:51 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-06-18 16:45 . 2005-09-02 22:21 <REP> dr------- D:\Documents and Settings\Administrateur\Mes documents
2008-06-18 16:45 . 2005-09-03 06:51 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-18 16:45 . 2005-09-02 22:09 <REP> dr------- D:\Documents and Settings\Administrateur\Favoris
2008-06-18 16:45 . 2008-06-18 21:09 <REP> dr------- D:\Documents and Settings\Administrateur\Bureau
2008-06-18 16:45 . 2005-09-02 22:08 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-06-18 16:45 . 2005-09-02 22:11 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-06-18 16:45 . 2008-06-18 16:45 <REP> d-------- D:\Documents and Settings\Administrateur
2008-06-18 16:08 . 2008-06-18 23:04 <REP> d-------- C:\HijackThis
2008-06-17 18:52 . 2008-06-17 18:53 63,918 --a------ C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe
2008-06-17 15:37 . 2008-06-17 15:37 <REP> dr------- D:\Documents and Settings\LocalService\Favoris
2008-06-17 15:37 . 2008-06-18 22:45 <REP> d-------- C:\Temp
2008-06-15 20:59 . 2008-06-15 20:59 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-06-15 20:59 . 2008-06-15 20:59 <REP> d-------- C:\Program Files\Adobe Media Player
2008-06-13 14:30 . 2008-06-18 09:39 <REP> d-------- C:\Program Files\eMule
2008-06-11 19:01 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 19:01 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 07:23 --------- d-----w D:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
2008-06-17 15:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 13:53 --------- d-----w C:\Program Files\Incomplete
2008-06-17 11:55 --------- d-----w D:\Documents and Settings\utilisateur\Application Data\LimeWire
2008-06-09 16:30 1,494 ----a-w D:\Documents and Settings\utilisateur\Application Data\filterclsid.dat
2008-05-17 20:04 --------- d-----w C:\Program Files\SopCast
2008-05-17 19:51 --------- d-----w C:\Program Files\TVAnts
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 09:24 61,808 ----a-w D:\Documents and Settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-02-13 17:29 61,224 ----a-w D:\Documents and Settings\utilisateur\GoToAssistDownloadHelper.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-18_21.17.21.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 19:09:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 07:22:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"RTEGPRS"="C:\Program Files\Fichiers communs\SmartCom\rtegprs.exe" [2006-01-13 18:19 2293760]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-09-14 18:08 24576]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2004-09-14 18:08 49152]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 19:29 45056]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 08:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 04:11 135251]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-02 22:14 180269]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15 61440]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-19 07:55 1838592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

D:\Documents and Settings\utilisateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
VP-EYE.lnk - C:\VP-EYE\control\vpeyev4.exe [2004-05-06 08:57:50 1273856]

D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2005-09-24 13:30:04 155715]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2007-06-22 13:58:25 487424]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"MSACM.MI-SC4"= MI-SC4.acm

[HKLM\~\startupfolder\D:^Documents and Settings^utilisateur^Menu Démarrer^Programmes^Démarrage^SM.lnk]
path=D:\Documents and Settings\utilisateur\Menu Démarrer\Programmes\Démarrage\SM.lnk
backup=C:\WINDOWS\pss\SM.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2005-06-29 19:09 17605160 C:\APPS\skype\phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\WebEye\\WebEye.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\PPStream\\PPStream.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]
S3 mu05bus;Sagem Communication Mobile Platform MU2005 driver (WDM);C:\WINDOWS\system32\DRIVERS\mu05bus.sys [2005-08-01 22:42]
S3 mu05mdfl;Sagem Communication MU2005 CDC WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\mu05mdfl.sys [2005-08-01 22:44]
S3 mu05mdm;Sagem Communication MU2005 CDC WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\mu05mdm.sys [2005-08-01 22:44]
S3 mu05mgmt;Sagem Communication MU2005 CDC WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\mu05mgmt.sys [2005-08-01 22:45]
S3 mu05obex;Sagem Communication MU2005 CDC WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\mu05obex.sys [2005-08-01 22:46]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 13:44]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-30 12:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26c01128-2ced-11da-8fa1-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-17 16:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-19 09:00:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2005-09-24 11:24:10 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-06-19 08:22:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 11:03:58
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
Temps d'accomplissement: 2008-06-19 11:05:57
ComboFix-quarantined-files.txt 2008-06-19 09:04:57

Pre-Run: 11,164,733,440 octets libres
Post-Run: 11,149,742,080 octets libres

620 --- E O F --- 2008-06-11 20:29:27
0
Anonymous user
 
Hi again!

OK, it's putting up a fight.

Download The Avenger by Swandog46 to your Desktop:

Right-click 'Avenger.zip' > Extract all (still on the Desktop)

Copy all of the bold text below (CTRL+C):


Begin copying here:

Drivers to delete:
PlugPlayRPC

Files to delete:
C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe





→ Now launch The Avenger by clicking its icon on the Desktop.

A message in English will ask you to confirm; answer 'OK'.
In the box that appears under 'input script there', paste the text you copied earlier (CTRL+V).
Make sure the 'Scan for rootkit' and 'Automatically disable any rootkits found' boxes are checked.
Click 'Execute'.

...........The Avenger will automatically do the following:

→ Restart the PC .....
→ During the restart, a black Windows command window will appear briefly on your desktop -> NORMAL.
→ After the restart, it creates a log file that will open, showing the actions carried out by The Avenger. This log file is located here: C:\avenger.txt
→ Copy its contents and post them for me.


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0
une fille paumée
 
hi again
here it is:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\PlugPlayRPC" not found!
Deletion of driver "PlugPlayRPC" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-unin­st.exe" not found!
Deletion of file "C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-unin­st.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
0
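The log above can be triaged mechanically. This added example (not part of the thread, and not code from The Avenger) extracts each failed deletion with its NTSTATUS and flags invisible Unicode format characters in the target name, which web pages sometimes insert into long strings and which make a pasted path differ from the name on disk; the function and field names are assumptions.

```python
import re
import unicodedata

# Lines copied from the Avenger log above. The invisible U+00AD (soft hyphen)
# in the posted path is written as an explicit escape so it can be seen.
SAMPLE_LOG = (
    'Error: registry key "\\Registry\\Machine\\System\\CurrentControlSet'
    '\\Services\\PlugPlayRPC" not found!\n'
    'Deletion of driver "PlugPlayRPC" failed!\n'
    'Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)\n'
    'Deletion of file "C:\\WINDOWS\\system32\\'
    '{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-unin\u00adst.exe" failed!\n'
    'Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)\n'
)

FAILED = re.compile(r'^Deletion of (driver|file) "(.+)" failed!$')
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$')

def is_invisible(ch):
    # Unicode category Cf: soft hyphen, zero-width space/joiner, BOM, ...
    return unicodedata.category(ch) == "Cf"

def parse_failures(log):
    """Return one dict per failed deletion, with its NTSTATUS and any
    invisible characters found in the target name."""
    failures, current = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = FAILED.match(line)
        if m:
            kind, target = m.groups()
            current = {
                "kind": kind, "target": target, "status": None, "status_name": None,
                "invisible": [(i, f"U+{ord(c):04X}")
                              for i, c in enumerate(target) if is_invisible(c)],
                "clean_target": "".join(c for c in target if not is_invisible(c)),
            }
            failures.append(current)
        elif current is not None and (m := STATUS.match(line)):
            # The Status line that follows a failure carries the NTSTATUS code.
            current["status"] = int(m.group(1), 16)
            current["status_name"] = m.group(2)
            current = None
    return failures

if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f["kind"], f"0x{f['status']:08x}", f["status_name"], f["invisible"])
        print("  target as it should read:", f["clean_target"])
```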
Anonymous user
 
Hi again,

Go to the View tab.
"Tools" menu
"Folder Options"
"View" tab
Check the box "Show hidden files and folders".
Uncheck the box "Hide extensions for known file types".
Uncheck the box "Hide protected operating system files".
Click "Apply to All Folders".

Tutorial: http://pitcatsite.ovh.org/html/dossierwindows.html

And look for this file:

C:\WINDOWS\system32\{b59b4733-a217-1d58-94e9-cb72cb6e4076}.dll-uninst.exe

Delete it if you find it.


And post me a new HijackThis report.
See you later
0