Mes vidéos rame(flv, avi)

Résolu
hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

mon pc rame progressivement puis à mort quand je regarde une vidéo en plus il s'éteind quand
je scan avec un anti-virus ou ad-ware en mode sans échec. j'ai fait un
scan avec malwarebytes en mode normal j'ai supprimé redémarrer resupprimé.voila ma config +
mon log malwarebytes et highjackthis

Système d'exploitation Microsoft Windows XP Édition familiale
Version 5.1.2600 Service Pack 2 Nu 2600
Éditeur Microsoft Corporation
Ordinateur HUEBMAST-82AFFD
Fabricant Acer
Modèle Aspire 3610
Type PC à base X86
Processeur x86 Family 6 Model 13 Stepping 8 GenuineIntel ~1596 Mhz
Version du BIOS/Date Phoenix Technologies LTD V1.07, 26/09/2005
Version SMBIOS 2.31
Répertoire Windows C:\WINDOWS
Répertoire système C:\WINDOWS\system32
Périphérique de démarrage \Device\HarddiskVolume2
Option régionale France
Couche d'abstraction matérielle Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
Utilisateur HUEBMAST-82AFFD\huebmaster
Fuseaux horaires Paris, Madrid
Mémoire physique totale 512,00 Mo
Mémoire physique disponible 193,63 Mo
Mémoire virtuelle totale 2,00 Go
Mémoire virtuelle disponible 1,96 Go
Espace pour le fichier d'échange 1,93 Go
Fichier d'échange C:\pagefile.sys

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 957
Windows 5.1.2600 Service Pack 2

22:37:38 16/07/2008
mbam-log-7-16-2008 (22-37-38).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 208610
Temps écoulé: 1 hour(s), 10 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ET VOILA HIGHJACKTHIS
ON M'A DIT QUE CT CA LE PROBLEME
C:\Program Files\Search Settings\SearchSettings.exe
MAIS COMME VOUS POUVEZ LE VOIR PLUS BAS IL EST ENCORE LA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:04, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ionos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {F1836094-57CF-41F7-83A0-37624EC24E78} - C:\WINDOWS\system32\catsrvp.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\huebmaster\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{077B5B77-B0F2-42A5-8C83-FF62C0E4DD57}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,avgrsstx.dll,
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

MERCI D'AVANCE A CEUX QUI ME REPONDRANT
--
End of file - 6990 bytes
Configuration: Windows XP
Firefox 3.0

21 réponses

  • 1
  • 2
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    * Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  2. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    voilà!

    -----------\\ ToolBar S&D 1.0.5 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : huebmaster ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
    [ 17/07/2008 | 2:49:41,45 ] [ PC : HUEBMAST-82AFFD ]
    [ MAJ : 16-07-2008 | 1:40 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Dealio
    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Dealio\kb127
    C:\Program Files\Dealio
    C:\Program Files\Dealio\DealioAU.exe
    C:\Program Files\Dealio\kb127
    C:\Program Files\Dealio\SearchSettingsKit.exe
    C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Search Settings
    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Search Settings\kb127
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe
    0
  3. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    dsl

    -----------\\ ToolBar S&D 1.0.5 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : huebmaster ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
    [ 17/07/2008 | 2:49:41,45 ] [ PC : HUEBMAST-82AFFD ]
    [ MAJ : 16-07-2008 | 1:40 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Dealio
    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Dealio\kb127
    C:\Program Files\Dealio
    C:\Program Files\Dealio\DealioAU.exe
    C:\Program Files\Dealio\kb127
    C:\Program Files\Dealio\SearchSettingsKit.exe
    C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Search Settings
    C:\DOCUME~1\HUEBMA~1\APPLIC~1\Search Settings\kb127
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb127
    C:\Program Files\Search Settings\SearchSettings.exe

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (huebmaster) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (huebmaster) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Start Page"="https://www.ionos.fr/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.01net.com/telecharger/"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.01net.com/telecharger/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

    -----------\\ Fin du rapport a 2:51:12,07
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Relance ToolBar S&D, fais l'option 2 et poste le rapport.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    -----------\\ ToolBar S&D 1.0.5 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : huebmaster ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
    [ 17/07/2008 | 2:57:19,15 ] [ PC : HUEBMAST-82AFFD ]
    [ MAJ : 16-07-2008 | 1:40 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\HUEBMA~1\APPLIC~1\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\DealioAU.exe
    Supprime! - C:\Program Files\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
    Supprime! - C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
    Supprime! - C:\DOCUME~1\HUEBMA~1\APPLIC~1\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\DOCUME~1\HUEBMA~1\APPLIC~1\Dealio
    Supprime! - C:\Program Files\Dealio
    Supprime! - C:\DOCUME~1\HUEBMA~1\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (huebmaster) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (huebmaster) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Start Page"="https://www.ionos.fr/"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Url"="http://www.microsoft.com/athome/community/rss.xml"
    "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
    "Url"="http://www.microsoft.com/atwork/community/rss.xml"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.01net.com/telecharger/"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.01net.com/telecharger/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"

    -----------\\ Fin du rapport a 2:59:30,76
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Poste un nouveau rapport HijackThis.
    0
  8. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:09:54, on 17/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ionos.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: (no name) - {F1836094-57CF-41F7-83A0-37624EC24E78} - C:\WINDOWS\system32\catsrvp.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{077B5B77-B0F2-42A5-8C83-FF62C0E4DD57}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,avgrsstx.dll,
    O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance HijackThis et choisis Do a system scan only

    ---> Coche les cases qui sont devant les lignes suivantes :

    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (file missing)

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

    O2 - BHO: (no name) - {F1836094-57CF-41F7-83A0-37624EC24E78} - C:\WINDOWS\system32\catsrvp.dll

    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    ---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

    ---> Redémarre ton PC

    ---> Télécharge OTMoveIt2 à partir du lien ci-dessous :
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    ---> Enregistre le fichier sur le Bureau.

    ---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
    Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.

    ---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste Standard List of Files/Folders to be moved.

    C:\WINDOWS\system32\catsrvp.dll

    ---> Clique sur MoveIt! pour lancer la suppression.
    Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.

    Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.

    ---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

    ---> Poste un nouveau rapport HijackThis
    0
  10. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    APPAREMMENT CA A PAS MARCHE

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\catsrvp.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\catsrvp.dll scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07172008_032628

    Files moved on Reboot...
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\catsrvp.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\catsrvp.dll scheduled to be moved on reboot.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:33:10, on 17/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    D:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ionos.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {F1836094-57CF-41F7-83A0-37624EC24E78} - C:\WINDOWS\system32\catsrvp.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{077B5B77-B0F2-42A5-8C83-FF62C0E4DD57}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,avgrsstx.dll,
    O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Le troyen n'a pas voulu bouger. Je sors le bazooka.

    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
  12. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    ma connexion wifi est resté activé pendant le scan, je dois réactiver combofix?

    ComboFix 08-07-15.4 - huebmaster 2008-07-17 3:45:25.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.214 [GMT 2:00]
    Endroit: C:\Documents and Settings\huebmaster\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\huebmaster\ravmonlog
    C:\WINDOWS\Bnodp.dll
    C:\WINDOWS\callmbin.dll
    C:\WINDOWS\hlpbinv.dll
    C:\WINDOWS\hovdin.dll
    C:\WINDOWS\system32\x64
    D:\Autorun.inf
    C:\WINDOWS\system32\catsrvp.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-17 03:26 . 2008-07-17 03:26 <REP> d-------- C:\_OTMoveIt
    2008-07-17 02:48 . 2008-07-17 02:59 <REP> d-------- C:\Toolbar SD
    2008-07-16 08:23 . 2008-07-16 08:23 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\Malwarebytes
    2008-07-16 08:23 . 2008-07-16 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 08:23 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-16 08:23 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-16 06:09 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-07-16 06:08 . 2008-07-16 06:08 <REP> d-------- C:\Program Files\Panda Security
    2008-07-15 05:38 . 2003-07-18 13:58 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll
    2008-07-15 05:38 . 2002-02-28 09:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll
    2008-07-15 05:38 . 2002-02-21 10:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
    2008-07-15 05:38 . 1998-06-13 22:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
    2008-07-15 05:38 . 2002-04-12 13:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca
    2008-07-15 04:22 . 2008-07-15 04:22 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\Media Player Classic
    2008-07-15 03:50 . 2008-07-15 03:50 72 --a------ C:\WINDOWS\MediaManager.INI
    2008-07-15 00:55 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-07-15 00:55 . 2008-07-12 04:52 233,472 --a------ C:\WINDOWS\system32\TubeFinder.exe
    2008-07-15 00:55 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-07-15 00:55 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-07-15 00:55 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-07-15 00:55 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-07-14 23:30 . 2008-07-15 00:11 <REP> d-------- C:\Program Files\AVS4YOU
    2008-07-12 00:19 . 2008-07-12 10:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-12 00:19 . 2008-07-12 00:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-10 10:29 . 2008-07-17 01:02 <REP> d-------- C:\Program Files\XnView
    2008-07-03 09:20 . 2008-07-03 09:23 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-07-02 18:11 . 2008-07-02 18:11 262,144 --a------ C:\Documents and Settings\YOHANL~2
    2008-06-29 23:07 . 2008-06-30 23:39 <REP> d-------- C:\Program Files\McDonaldsDragons
    2008-06-29 06:09 . 2008-06-29 06:09 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-29 00:31 . 2008-07-02 17:37 <REP> d--h----- C:\$AVG8.VAULT$
    2008-06-29 00:11 . 2008-07-01 23:03 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-29 00:11 . 2008-06-29 05:39 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\AVGTOOLBAR
    2008-06-29 00:11 . 2008-07-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-29 00:11 . 2008-06-29 00:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-29 00:11 . 2008-06-29 00:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-29 00:11 . 2008-06-29 00:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-29 00:08 . 2008-06-29 00:11 8,192 --a------ C:\Documents and Settings\YOHANL~1
    2008-06-29 00:08 . 2008-06-29 00:11 8,192 --a------ C:\Documents and Settings\randryan
    2008-06-24 15:35 . 2008-06-24 15:35 268 --ah----- C:\sqmdata07.sqm
    2008-06-24 15:35 . 2008-06-24 15:35 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-23 23:45 . 2008-06-23 23:48 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-06-22 04:23 . 2007-01-13 09:49 184,320 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-06-22 04:19 . 2007-01-13 09:46 46,080 --a------ C:\WINDOWS\system32\SET24E.tmp
    2008-06-22 04:19 . 2007-01-13 09:46 46,080 --a------ C:\WINDOWS\system32\SET1DE.tmp
    2008-06-22 04:07 . 2005-01-23 10:31 348,160 -ra------ C:\WINDOWS\system32\SET114.tmp
    2008-06-21 14:21 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\SET10F.tmp
    2008-06-21 14:21 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\SET10D.tmp
    2008-06-21 14:11 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\SET108.tmp
    2008-06-21 14:11 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\SET106.tmp
    2008-06-21 12:35 . 2006-07-28 11:00 241,664 -ra------ C:\WINDOWS\system32\SDhp1018.DLL
    2008-06-21 12:08 . 2008-06-21 12:08 <REP> d--h----- C:\Program Files\Zenographics
    2008-06-21 12:08 . 2006-07-30 11:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe
    2008-06-21 12:08 . 2006-07-30 11:00 106,496 -ra------ C:\WINDOWS\system32\vshp1018.dll
    2008-06-21 12:08 . 2006-07-30 11:00 28,672 -ra------ C:\WINDOWS\system32\zlm.dll
    2008-06-21 12:08 . 2006-07-30 11:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL
    2008-06-21 12:08 . 2006-07-30 11:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL
    2008-06-21 12:08 . 2006-07-30 11:00 7,808 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP
    2008-06-21 10:52 . 2008-07-07 01:07 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-06-21 10:52 . 2006-07-30 11:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE
    2008-06-21 10:52 . 2006-07-30 11:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img
    2008-06-21 10:52 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\ZLhp1018.DLL
    2008-06-21 10:52 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 61,440 --a------ C:\WINDOWS\system32\ZIMF.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 53,248 --a------ C:\WINDOWS\system32\ZTAG.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 10,736 --a------ C:\WINDOWS\system32\ZSHP1018.CHM
    2008-06-20 18:55 . 2008-06-20 18:59 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\NetAppel

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-15 03:44 --------- d-----w C:\Program Files\eMule
    2008-07-15 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-14 22:11 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-07-14 21:37 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 06:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-11 23:38 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-11 23:37 --------- d-----w C:\Program Files\DivX
    2008-07-11 23:36 --------- d-----w C:\Program Files\Windows Live
    2008-07-11 23:28 --------- d-----w C:\Program Files\Micro Application
    2008-07-11 07:31 --------- d-----w C:\Program Files\Unlocker
    2008-07-06 21:09 --------- d-----w C:\Program Files\TubeMaster
    2008-07-03 07:23 61,274 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-06-30 21:11 --------- d-----w C:\Program Files\Java
    2008-06-28 22:17 --------- d-----w C:\Program Files\BeClean
    2008-06-28 22:17 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\Smart PC Solutions
    2008-06-28 19:57 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\dvdcss
    2008-06-25 14:47 --------- d-----w C:\Program Files\Wanadoo
    2008-06-22 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-22 11:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-20 11:50 132,152 ----a-w C:\Documents and Settings\huebmaster\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-13 16:43 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-06-07 09:14 982 -c--a-w C:\Documents and Settings\huebmaster\Application Data\wklnhst.dat
    2008-06-07 08:55 --------- d-----w C:\Program Files\Power IE
    2008-06-01 20:42 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2008-06-01 20:40 --------- d-----w C:\Program Files\Macromedia
    2008-05-30 21:58 --------- d-----w C:\Program Files\Mindscape
    2008-05-22 18:56 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\Kptic
    2008-01-22 23:14 22,623 -c--a-w C:\Documents and Settings\huebmaster\Application Data\mdb.bin
    .

    ------- Sigcheck -------

    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
    2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-04-18 14:32 697344 aeff166f0813521d4fe60b6efc6895f4 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2006-03-02 14:00 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB933566_0$\wininet.dll
    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\ie7\wininet.dll
    2007-06-27 15:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]c48504da0909bf8b1142195451becc9\sp2gdr\wininet.dll
    2007-06-27 16:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]c48504da0909bf8b1142195451becc9\sp2qfe\wininet.dll
    2006-10-27 16:09 809472 b20a5f4f7588eacce8d08dbe0d9a1183 C:\WINDOWS\system32\wininet.dll
    2006-10-27 16:09 809472 b20a5f4f7588eacce8d08dbe0d9a1183 C:\WINDOWS\system32\dllcache\wininet.dll

    2006-03-02 14:00 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1836094-57CF-41F7-83A0-37624EC24E78}]
    2006-03-02 14:00 106388 --a------ C:\WINDOWS\system32\catsrvp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PJPG"= Pxjpg.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=C:\WINDOWS\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
    backup=C:\WINDOWS\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2007-01-13 09:47 163840 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2007-01-13 09:47 131072 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a--c--- 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICE One Startup v1]
    --a--c--- 2004-09-09 17:57 415232 C:\Program Files\Mindscape\OFFICE One\OFFICE One Startup v1\oostartupv1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    --a------ 2004-09-05 17:20 380928 D:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a------ 2007-01-13 09:46 135168 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a--c--- 2004-08-23 15:50 122880 C:\Program Files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMAJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2005-04-15 12:01 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
    --a------ 2001-09-10 22:03 45568 C:\WINDOWS\system32\WFXSNT40.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SharedAccess"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "lanmanserver"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AVP"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\FileZilla\\filezilla.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 lvojdxdt;lvojdxdt;C:\WINDOWS\system32\drivers\mxvbbvxs.dat []
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-29 00:11]
    R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-10-13 06:32]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 00:11]
    S2 .NETSecurity;.NETSecurity;C:\WINDOWS\system32\netsecurity.exe []
    S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
    S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
    S3 CamDrv.Pixela;JVC Web Camera;C:\WINDOWS\system32\Drivers\CamDrv.sys [2001-12-19 23:49]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-17 02:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    MSConfigStartUp-MMReminderService - D:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
    MSConfigStartUp-NeroFilterCheck - C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    MSConfigStartUp-OrderReminder - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    MSConfigStartUp-RavAV - C:\WINDOWS\AdobeR.exe
    MSConfigStartUp-SpywareTerminator - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-Window Washer - C:\Program Files\Webroot\Washer\wwDisp.exe
    MSConfigStartUp-WindowsServicesStartup - C:\DOCUME~1\HUEBMA~1\LOCALS~1\Temp\svchost.exe

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-17 03:54:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet011\Services\lvojdxdt]
    "ImagePath"="system32\drivers\mxvbbvxs.dat"
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-17 4:13:52 - machine was rebooted [huebmaster]
    ComboFix-quarantined-files.txt 2008-07-17 02:12:46

    Pre-Run: 128,954,368 octets libres
    Post-Run: 117,760,000 octets libres

    295 --- E O F --- 2007-07-20 08:10:22
    0
  13. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    ma connexion wifi est resté activé pendant le scan, je dois réactiver combofix?

    ComboFix 08-07-15.4 - huebmaster 2008-07-17 3:45:25.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.214 [GMT 2:00]
    Endroit: C:\Documents and Settings\huebmaster\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\huebmaster\ravmonlog
    C:\WINDOWS\Bnodp.dll
    C:\WINDOWS\callmbin.dll
    C:\WINDOWS\hlpbinv.dll
    C:\WINDOWS\hovdin.dll
    C:\WINDOWS\system32\x64
    D:\Autorun.inf
    C:\WINDOWS\system32\catsrvp.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-17 03:26 . 2008-07-17 03:26 <REP> d-------- C:\_OTMoveIt
    2008-07-17 02:48 . 2008-07-17 02:59 <REP> d-------- C:\Toolbar SD
    2008-07-16 08:23 . 2008-07-16 08:23 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\Malwarebytes
    2008-07-16 08:23 . 2008-07-16 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 08:23 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-16 08:23 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-16 06:09 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-07-16 06:08 . 2008-07-16 06:08 <REP> d-------- C:\Program Files\Panda Security
    2008-07-15 05:38 . 2003-07-18 13:58 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll
    2008-07-15 05:38 . 2002-02-28 09:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll
    2008-07-15 05:38 . 2002-02-21 10:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
    2008-07-15 05:38 . 1998-06-13 22:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
    2008-07-15 05:38 . 2002-04-12 13:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca
    2008-07-15 04:22 . 2008-07-15 04:22 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\Media Player Classic
    2008-07-15 03:50 . 2008-07-15 03:50 72 --a------ C:\WINDOWS\MediaManager.INI
    2008-07-15 00:55 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-07-15 00:55 . 2008-07-12 04:52 233,472 --a------ C:\WINDOWS\system32\TubeFinder.exe
    2008-07-15 00:55 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-07-15 00:55 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-07-15 00:55 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-07-15 00:55 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-07-14 23:30 . 2008-07-15 00:11 <REP> d-------- C:\Program Files\AVS4YOU
    2008-07-12 00:19 . 2008-07-12 10:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-12 00:19 . 2008-07-12 00:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-10 10:29 . 2008-07-17 01:02 <REP> d-------- C:\Program Files\XnView
    2008-07-03 09:20 . 2008-07-03 09:23 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-07-02 18:11 . 2008-07-02 18:11 262,144 --a------ C:\Documents and Settings\YOHANL~2
    2008-06-29 23:07 . 2008-06-30 23:39 <REP> d-------- C:\Program Files\McDonaldsDragons
    2008-06-29 06:09 . 2008-06-29 06:09 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-29 00:31 . 2008-07-02 17:37 <REP> d--h----- C:\$AVG8.VAULT$
    2008-06-29 00:11 . 2008-07-01 23:03 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-29 00:11 . 2008-06-29 05:39 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\AVGTOOLBAR
    2008-06-29 00:11 . 2008-07-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-29 00:11 . 2008-06-29 00:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-29 00:11 . 2008-06-29 00:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-29 00:11 . 2008-06-29 00:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-29 00:08 . 2008-06-29 00:11 8,192 --a------ C:\Documents and Settings\YOHANL~1
    2008-06-29 00:08 . 2008-06-29 00:11 8,192 --a------ C:\Documents and Settings\randryan
    2008-06-24 15:35 . 2008-06-24 15:35 268 --ah----- C:\sqmdata07.sqm
    2008-06-24 15:35 . 2008-06-24 15:35 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-23 23:45 . 2008-06-23 23:48 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-06-22 04:23 . 2007-01-13 09:49 184,320 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-06-22 04:19 . 2007-01-13 09:46 46,080 --a------ C:\WINDOWS\system32\SET24E.tmp
    2008-06-22 04:19 . 2007-01-13 09:46 46,080 --a------ C:\WINDOWS\system32\SET1DE.tmp
    2008-06-22 04:07 . 2005-01-23 10:31 348,160 -ra------ C:\WINDOWS\system32\SET114.tmp
    2008-06-21 14:21 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\SET10F.tmp
    2008-06-21 14:21 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\SET10D.tmp
    2008-06-21 14:11 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\SET108.tmp
    2008-06-21 14:11 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\SET106.tmp
    2008-06-21 12:35 . 2006-07-28 11:00 241,664 -ra------ C:\WINDOWS\system32\SDhp1018.DLL
    2008-06-21 12:08 . 2008-06-21 12:08 <REP> d--h----- C:\Program Files\Zenographics
    2008-06-21 12:08 . 2006-07-30 11:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe
    2008-06-21 12:08 . 2006-07-30 11:00 106,496 -ra------ C:\WINDOWS\system32\vshp1018.dll
    2008-06-21 12:08 . 2006-07-30 11:00 28,672 -ra------ C:\WINDOWS\system32\zlm.dll
    2008-06-21 12:08 . 2006-07-30 11:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL
    2008-06-21 12:08 . 2006-07-30 11:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL
    2008-06-21 12:08 . 2006-07-30 11:00 7,808 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP
    2008-06-21 10:52 . 2008-07-07 01:07 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-06-21 10:52 . 2006-07-30 11:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE
    2008-06-21 10:52 . 2006-07-30 11:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img
    2008-06-21 10:52 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\ZLhp1018.DLL
    2008-06-21 10:52 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 61,440 --a------ C:\WINDOWS\system32\ZIMF.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 53,248 --a------ C:\WINDOWS\system32\ZTAG.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 10,736 --a------ C:\WINDOWS\system32\ZSHP1018.CHM
    2008-06-20 18:55 . 2008-06-20 18:59 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\NetAppel

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-15 03:44 --------- d-----w C:\Program Files\eMule
    2008-07-15 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-14 22:11 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-07-14 21:37 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 06:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-11 23:38 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-11 23:37 --------- d-----w C:\Program Files\DivX
    2008-07-11 23:36 --------- d-----w C:\Program Files\Windows Live
    2008-07-11 23:28 --------- d-----w C:\Program Files\Micro Application
    2008-07-11 07:31 --------- d-----w C:\Program Files\Unlocker
    2008-07-06 21:09 --------- d-----w C:\Program Files\TubeMaster
    2008-07-03 07:23 61,274 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-06-30 21:11 --------- d-----w C:\Program Files\Java
    2008-06-28 22:17 --------- d-----w C:\Program Files\BeClean
    2008-06-28 22:17 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\Smart PC Solutions
    2008-06-28 19:57 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\dvdcss
    2008-06-25 14:47 --------- d-----w C:\Program Files\Wanadoo
    2008-06-22 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-22 11:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-20 11:50 132,152 ----a-w C:\Documents and Settings\huebmaster\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-13 16:43 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-06-07 09:14 982 -c--a-w C:\Documents and Settings\huebmaster\Application Data\wklnhst.dat
    2008-06-07 08:55 --------- d-----w C:\Program Files\Power IE
    2008-06-01 20:42 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2008-06-01 20:40 --------- d-----w C:\Program Files\Macromedia
    2008-05-30 21:58 --------- d-----w C:\Program Files\Mindscape
    2008-05-22 18:56 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\Kptic
    2008-01-22 23:14 22,623 -c--a-w C:\Documents and Settings\huebmaster\Application Data\mdb.bin
    .

    ------- Sigcheck -------

    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
    2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-04-18 14:32 697344 aeff166f0813521d4fe60b6efc6895f4 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2006-03-02 14:00 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB933566_0$\wininet.dll
    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\ie7\wininet.dll
    2007-06-27 15:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]c48504da0909bf8b1142195451becc9\sp2gdr\wininet.dll
    2007-06-27 16:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]c48504da0909bf8b1142195451becc9\sp2qfe\wininet.dll
    2006-10-27 16:09 809472 b20a5f4f7588eacce8d08dbe0d9a1183 C:\WINDOWS\system32\wininet.dll
    2006-10-27 16:09 809472 b20a5f4f7588eacce8d08dbe0d9a1183 C:\WINDOWS\system32\dllcache\wininet.dll

    2006-03-02 14:00 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1836094-57CF-41F7-83A0-37624EC24E78}]
    2006-03-02 14:00 106388 --a------ C:\WINDOWS\system32\catsrvp.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PJPG"= Pxjpg.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=C:\WINDOWS\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
    backup=C:\WINDOWS\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2007-01-13 09:47 163840 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2007-01-13 09:47 131072 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a--c--- 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICE One Startup v1]
    --a--c--- 2004-09-09 17:57 415232 C:\Program Files\Mindscape\OFFICE One\OFFICE One Startup v1\oostartupv1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    --a------ 2004-09-05 17:20 380928 D:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a------ 2007-01-13 09:46 135168 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a--c--- 2004-08-23 15:50 122880 C:\Program Files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMAJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2005-04-15 12:01 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
    --a------ 2001-09-10 22:03 45568 C:\WINDOWS\system32\WFXSNT40.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SharedAccess"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "lanmanserver"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AVP"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\FileZilla\\filezilla.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 lvojdxdt;lvojdxdt;C:\WINDOWS\system32\drivers\mxvbbvxs.dat []
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-29 00:11]
    R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-10-13 06:32]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 00:11]
    S2 .NETSecurity;.NETSecurity;C:\WINDOWS\system32\netsecurity.exe []
    S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
    S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
    S3 CamDrv.Pixela;JVC Web Camera;C:\WINDOWS\system32\Drivers\CamDrv.sys [2001-12-19 23:49]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-17 02:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    MSConfigStartUp-MMReminderService - D:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
    MSConfigStartUp-NeroFilterCheck - C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    MSConfigStartUp-OrderReminder - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    MSConfigStartUp-RavAV - C:\WINDOWS\AdobeR.exe
    MSConfigStartUp-SpywareTerminator - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-Window Washer - C:\Program Files\Webroot\Washer\wwDisp.exe
    MSConfigStartUp-WindowsServicesStartup - C:\DOCUME~1\HUEBMA~1\LOCALS~1\Temp\svchost.exe

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-17 03:54:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet011\Services\lvojdxdt]
    "ImagePath"="system32\drivers\mxvbbvxs.dat"
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-17 4:13:52 - machine was rebooted [huebmaster]
    ComboFix-quarantined-files.txt 2008-07-17 02:12:46

    Pre-Run: 128,954,368 octets libres
    Post-Run: 117,760,000 octets libres

    295 --- E O F --- 2007-07-20 08:10:22
    0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    "ma connexion wifi est resté activé pendant le scan, je dois réactiver combofix?"
    ---> Pas grave.

    "C:\WINDOWS\system32\catsrvp.dll . . . . Echec de suppression "
    ---> Il devient chiant ce fichier.

    Recommence la manip' avec OTMoveIT2 mais en mode sans échec :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    Je te laisse, bonne nuit.
    0
  15. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    voilà le rapport

    LoadLibrary failed for C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\catsrvp.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\catsrvp.dll scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07172008_043730

    Files moved on Reboot...
    LoadLibrary failed for C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\catsrvp.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\catsrvp.dll scheduled to be moved on reboot.
    0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    Je me permet cette intrusion suite a un doublon de hotfightersfr,
    http://www.commentcamarche.net/forum/affich 7443016 c windows system32 catsrvp dll

    Pour ceci je conseil

    selectionne ceci

    driver::
    lvojdxdt

    registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1836094-57CF-41F7-83A0-37624EC24E78}]

    File::
    C:\WINDOWS\system32\drivers\mxvbbvxs.dat
    C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\XceedCry.dll


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
    * Veille à ce que Retour à la ligne ne soit pas coché dans Format.
    * Colle le texte copié dans ce bloc-notes (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
    si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  
    

    @+

    0
  17. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    ComboFix 08-07-15.4 - huebmaster 2008-07-18 2:00:30.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.280 [GMT 2:00]
    Endroit: C:\Documents and Settings\huebmaster\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\huebmaster\Bureau\CFScript.txt

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\drivers\mxvbbvxs.dat
    C:\WINDOWS\system32\XceedCry.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\catsrvp.dll
    C:\WINDOWS\system32\drivers\mxvbbvxs.dat
    C:\WINDOWS\system32\XceedCry.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_LVOJDXDT
    -------\Service_lvojdxdt

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-18 to 2008-07-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-17 03:26 . 2008-07-17 03:26 <REP> d-------- C:\_OTMoveIt
    2008-07-17 02:48 . 2008-07-17 02:59 <REP> d-------- C:\Toolbar SD
    2008-07-16 08:23 . 2008-07-16 08:23 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\Malwarebytes
    2008-07-16 08:23 . 2008-07-16 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-16 08:23 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-16 08:23 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-16 06:09 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-07-16 06:08 . 2008-07-16 06:08 <REP> d-------- C:\Program Files\Panda Security
    2008-07-15 05:38 . 2002-02-28 09:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll
    2008-07-15 05:38 . 2002-02-21 10:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
    2008-07-15 05:38 . 1998-06-13 22:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
    2008-07-15 05:38 . 2002-04-12 13:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca
    2008-07-15 04:22 . 2008-07-15 04:22 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\Media Player Classic
    2008-07-15 03:50 . 2008-07-15 03:50 72 --a------ C:\WINDOWS\MediaManager.INI
    2008-07-15 00:55 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-07-15 00:55 . 2008-07-12 04:52 233,472 --a------ C:\WINDOWS\system32\TubeFinder.exe
    2008-07-15 00:55 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-07-15 00:55 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-07-15 00:55 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-07-15 00:55 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-07-14 23:30 . 2008-07-15 00:11 <REP> d-------- C:\Program Files\AVS4YOU
    2008-07-12 00:19 . 2008-07-17 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-12 00:19 . 2008-07-12 00:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-10 10:29 . 2008-07-17 18:59 <REP> d-------- C:\Program Files\XnView
    2008-07-03 09:20 . 2008-07-03 09:23 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-07-02 18:11 . 2008-07-02 18:11 262,144 --a------ C:\Documents and Settings\YOHANL~2
    2008-06-29 23:07 . 2008-06-30 23:39 <REP> d-------- C:\Program Files\McDonaldsDragons
    2008-06-29 06:09 . 2008-06-29 06:09 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-06-29 00:31 . 2008-07-02 17:37 <REP> d--h----- C:\$AVG8.VAULT$
    2008-06-29 00:11 . 2008-07-01 23:03 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-06-29 00:11 . 2008-06-29 05:39 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\AVGTOOLBAR
    2008-06-29 00:11 . 2008-07-02 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-29 00:11 . 2008-06-29 00:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-06-29 00:11 . 2008-06-29 00:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-06-29 00:11 . 2008-06-29 00:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-06-29 00:08 . 2008-06-29 00:11 8,192 --a------ C:\Documents and Settings\YOHANL~1
    2008-06-29 00:08 . 2008-06-29 00:11 8,192 --a------ C:\Documents and Settings\randryan
    2008-06-24 15:35 . 2008-06-24 15:35 268 --ah----- C:\sqmdata07.sqm
    2008-06-24 15:35 . 2008-06-24 15:35 244 --ah----- C:\sqmnoopt07.sqm
    2008-06-23 23:45 . 2008-06-23 23:48 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-06-22 04:23 . 2007-01-13 09:49 184,320 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-06-22 04:19 . 2007-01-13 09:46 46,080 --a------ C:\WINDOWS\system32\SET24E.tmp
    2008-06-22 04:19 . 2007-01-13 09:46 46,080 --a------ C:\WINDOWS\system32\SET1DE.tmp
    2008-06-22 04:07 . 2005-01-23 10:31 348,160 -ra------ C:\WINDOWS\system32\SET114.tmp
    2008-06-21 14:21 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\SET10F.tmp
    2008-06-21 14:21 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\SET10D.tmp
    2008-06-21 14:11 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\SET108.tmp
    2008-06-21 14:11 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\SET106.tmp
    2008-06-21 12:35 . 2006-07-28 11:00 241,664 -ra------ C:\WINDOWS\system32\SDhp1018.DLL
    2008-06-21 12:08 . 2008-06-21 12:08 <REP> d--h----- C:\Program Files\Zenographics
    2008-06-21 12:08 . 2006-07-30 11:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe
    2008-06-21 12:08 . 2006-07-30 11:00 106,496 -ra------ C:\WINDOWS\system32\vshp1018.dll
    2008-06-21 12:08 . 2006-07-30 11:00 28,672 -ra------ C:\WINDOWS\system32\zlm.dll
    2008-06-21 12:08 . 2006-07-30 11:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL
    2008-06-21 12:08 . 2006-07-30 11:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL
    2008-06-21 12:08 . 2006-07-30 11:00 7,808 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP
    2008-06-21 10:52 . 2008-07-07 01:07 <REP> d-------- C:\Program Files\Hewlett-Packard
    2008-06-21 10:52 . 2006-07-30 11:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE
    2008-06-21 10:52 . 2006-07-30 11:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img
    2008-06-21 10:52 . 2006-07-28 11:00 102,400 -ra------ C:\WINDOWS\system32\ZLhp1018.DLL
    2008-06-21 10:52 . 2006-07-28 11:00 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 61,440 --a------ C:\WINDOWS\system32\ZIMF.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 53,248 --a------ C:\WINDOWS\system32\ZTAG.DLL
    2008-06-21 10:52 . 2007-12-10 08:00 10,736 --a------ C:\WINDOWS\system32\ZSHP1018.CHM
    2008-06-20 18:55 . 2008-06-20 18:59 <REP> d-------- C:\Documents and Settings\huebmaster\Application Data\NetAppel

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-15 03:44 --------- d-----w C:\Program Files\eMule
    2008-07-15 03:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-14 22:11 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-07-14 21:37 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 06:17 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-11 23:38 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-11 23:37 --------- d-----w C:\Program Files\DivX
    2008-07-11 23:36 --------- d-----w C:\Program Files\Windows Live
    2008-07-11 23:28 --------- d-----w C:\Program Files\Micro Application
    2008-07-11 07:31 --------- d-----w C:\Program Files\Unlocker
    2008-07-06 21:09 --------- d-----w C:\Program Files\TubeMaster
    2008-07-03 07:23 61,274 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-06-30 21:11 --------- d-----w C:\Program Files\Java
    2008-06-28 22:17 --------- d-----w C:\Program Files\BeClean
    2008-06-28 22:17 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\Smart PC Solutions
    2008-06-28 19:57 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\dvdcss
    2008-06-25 14:47 --------- d-----w C:\Program Files\Wanadoo
    2008-06-22 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-22 11:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-20 11:50 132,152 ----a-w C:\Documents and Settings\huebmaster\Application Data\GDIPFONTCACHEV1.DAT
    2008-06-13 16:43 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-06-07 09:14 982 -c--a-w C:\Documents and Settings\huebmaster\Application Data\wklnhst.dat
    2008-06-07 08:55 --------- d-----w C:\Program Files\Power IE
    2008-06-01 20:42 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2008-06-01 20:40 --------- d-----w C:\Program Files\Macromedia
    2008-05-30 21:58 --------- d-----w C:\Program Files\Mindscape
    2008-05-22 18:56 --------- d-----w C:\Documents and Settings\huebmaster\Application Data\Kptic
    2008-01-22 23:14 22,623 -c--a-w C:\Documents and Settings\huebmaster\Application Data\mdb.bin
    .

    ------- Sigcheck -------

    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
    2007-08-20 11:49 825344 2dd1b0f579c80562edcb8848ff7ea9f6 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
    2007-04-18 14:32 697344 aeff166f0813521d4fe60b6efc6895f4 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2006-03-02 14:00 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB933566_0$\wininet.dll
    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\ie7\wininet.dll
    2007-06-27 15:24 823808 2274862267d7445e7010d9af826e89c3 C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]c48504da0909bf8b1142195451becc9\sp2gdr\wininet.dll
    2007-06-27 16:14 824320 7201d19b81883b57d5ffe8ebb5a83e8b C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]c48504da0909bf8b1142195451becc9\sp2qfe\wininet.dll
    2006-10-27 16:09 809472 b20a5f4f7588eacce8d08dbe0d9a1183 C:\WINDOWS\system32\wininet.dll
    2006-10-27 16:09 809472 b20a5f4f7588eacce8d08dbe0d9a1183 C:\WINDOWS\system32\dllcache\wininet.dll

    2006-03-02 14:00 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-07-17_ 4.11.49.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-17 01:33:17 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-07-17 08:45:01 58,930 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-07-17 01:33:18 71,686 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-07-17 08:45:01 71,686 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2008-07-17 01:33:17 46,772 ----a-w C:\WINDOWS\system32\perfc040.dat
    + 2008-07-17 08:45:00 46,772 ----a-w C:\WINDOWS\system32\perfc040.dat
    - 2008-07-17 01:33:17 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-07-17 08:45:01 392,630 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2008-07-17 01:33:18 458,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-07-17 08:45:01 458,886 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2008-07-17 01:33:17 364,414 ----a-w C:\WINDOWS\system32\perfh040.dat
    + 2008-07-17 08:45:00 364,414 ----a-w C:\WINDOWS\system32\perfh040.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17 4670704]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PJPG"= Pxjpg.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=C:\WINDOWS\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
    backup=C:\WINDOWS\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^huebmaster^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
    path=C:\Documents and Settings\huebmaster\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a--c--- 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a------ 2007-01-13 09:47 163840 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    --a------ 2007-01-13 09:47 131072 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a--c--- 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICE One Startup v1]
    --a--c--- 2004-09-09 17:57 415232 C:\Program Files\Mindscape\OFFICE One\OFFICE One Startup v1\oostartupv1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
    --a------ 2004-09-05 17:20 380928 D:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    --a------ 2007-01-13 09:46 135168 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
    --a--c--- 2004-08-23 15:50 122880 C:\Program Files\Wanadoo\Shell.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    --------- 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMAJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    --------- 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-07-16 15:17 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2005-04-15 12:01 77824 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFaxAppPortStarter]
    --a------ 2001-09-10 22:03 45568 C:\WINDOWS\system32\WFXSNT40.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "TermService"=3 (0x3)
    "TapiSrv"=3 (0x3)
    "SharedAccess"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "lanmanserver"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "AVP"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\FileZilla\\filezilla.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-29 00:11]
    R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2007-10-13 06:32]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 00:11]
    S2 .NETSecurity;.NETSecurity;C:\WINDOWS\system32\netsecurity.exe []
    S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe []
    S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
    S3 CamDrv.Pixela;JVC Web Camera;C:\WINDOWS\system32\Drivers\CamDrv.sys [2001-12-19 23:49]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys []
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-18 00:09:31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-18 02:10:27
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\ZSHP1018.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-18 2:27:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-18 00:26:47
    ComboFix2.txt 2008-07-17 02:13:53

    Pre-Run: 69,390,336 octets libres
    Post-Run: 58,249,216 octets libres

    302 --- E O F --- 2007-07-20 08:10:22
    0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Merci ep44.

    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  19. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    mon pc c'est éteind brutalement après 2 heures 30 de scan (me... ) et malwarebyte n'a laissé aucun rapport en plus
    mais avant ça il a scanner C tout entier et il a rien trouver. est ce que je suis encore infecter par quelque chose?
    0
  20. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Poste un nouveau rapport HijackThis.
    0
  21. hotfightersfr Messages postés 77 Date d'inscription   Statut Membre Dernière intervention   2
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:34:02, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\PROGRA~1\Adobe\ADOBEF~2\Flash.exe
    C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Ciel\Professionnel indépendant\WPI.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ionos.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{077B5B77-B0F2-42A5-8C83-FF62C0E4DD57}: NameServer = 192.168.1.1
    O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - D:\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    0
  • 1
  • 2