Visa anti virus 2008 + supression de fichiers

merci de ta reponse ultra rapide =) mais c encore pire, j'avais hijack hier soir.. maintenant j'ai meme plus accès a mes disques durs. le gestionnaire a été désactivé, je sais plus quoi faire. je vais telecharger combofix mais bon, chuis pas sur que j'aurais accès au rapport

j'espère =) merci encore c'est super qu'on me reponde avec serieux et gentilesse ^^

comment te remercier? =)


ComboFix 08-07-30.02 - Administrateur 2008-07-31 19:43:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.159 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\rhcnejj0epfe
C:\Documents and Settings\Administrateur\Application Data\WeatherDPA
C:\Documents and Settings\Administrateur\Favoris\Error Cleaner.url
C:\Documents and Settings\Administrateur\Favoris\Privacy Protector.url
C:\Documents and Settings\Administrateur\Favoris\Spyware&Malware Protection.url
C:\Documents and Settings\Administrateur\Mes documents\My Documents.url
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\[u]0[/u].exe
C:\Program Files\PCHealthCenter\[u]0[/u].gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\rhcnejj0epfe
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\InstallRegerLib.dll
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.exe
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Program Files\Web Technologies
C:\Program Files\Web Technologies\iebr.dll
C:\Program Files\Web Technologies\myd.ico
C:\Program Files\Web Technologies\mym.ico
C:\Program Files\Web Technologies\myp.ico
C:\Program Files\Web Technologies\myv.ico
C:\Program Files\Web Technologies\ot.ico
C:\Program Files\Web Technologies\ts.ico
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\erqe.exe
C:\WINDOWS\grswptdl.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\Sys56.exe
C:\WINDOWS\Sys5B.exe
C:\WINDOWS\Sys8.exe
C:\WINDOWS\system32\_000002_.tmp.dll
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
C:\WINDOWS\system32\219725
C:\WINDOWS\system32\219725\219725.dll
C:\WINDOWS\system32\ddcApoNe.dll
C:\WINDOWS\system32\efcCuspP.dll
C:\WINDOWS\system32\efcDTKdC.dll
C:\WINDOWS\system32\ekglve.dll
C:\WINDOWS\system32\geBututq.dll
C:\WINDOWS\system32\hgGyxUoN.dll
C:\WINDOWS\system32\ljJYOEwV.dll
C:\WINDOWS\system32\lphcjejj0epfe.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pmnMdayw.dll
C:\WINDOWS\system32\pphcjejj0epfe.exe
C:\WINDOWS\system32\Qqtvvyay.ini
C:\WINDOWS\system32\Qqtvvyay.ini2
C:\WINDOWS\system32\richvideocodec.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\vdlljtex.dll
C:\WINDOWS\system32\vhgfil.dll
C:\WINDOWS\system32\xxyxXpNH.dll
C:\WINDOWS\system32\yayvvtqQ.dll
C:\WINDOWS\system32\ypqfndiy.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-31 14:31 . 2008-07-31 14:31 <REP> d-------- C:\Program Files\Windows Sidebar
2008-07-31 14:31 . 2008-07-31 14:40 <REP> d-------- C:\Program Files\Norton AntiVirus
2008-07-31 14:31 . 2008-07-31 14:32 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-31 14:31 . 2008-07-31 14:32 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-31 14:31 . 2008-07-31 14:32 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-31 14:31 . 2008-07-31 14:32 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-31 14:22 . 2008-07-31 14:22 <REP> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-07-31 14:08 . 2008-07-31 14:08 99,200 --a------ C:\WINDOWS\system32\hvwkuxxn.dll
2008-07-31 13:54 . 2008-07-31 14:18 1,100,473 --a------ C:\Run.exe
2008-07-31 13:48 . 2008-07-31 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-31 02:41 . 2008-07-31 02:41 <REP> d-------- C:\Program Files\AVG
2008-07-31 02:41 . 2008-07-31 03:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-31 02:06 . 2008-07-31 02:06 <REP> d-------- C:\Program Files\Trend Micro
2008-07-31 01:36 . 2008-07-31 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 01:36 . 2008-07-31 01:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-31 01:29 . 2008-07-31 01:30 <REP> d-------- C:\Program Files\QuickTime
2008-07-28 19:06 . 2008-07-28 19:06 <REP> d-------- C:\Program Files\MP3 Remix
2008-07-28 19:06 . 2008-07-28 19:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MP3 Remix
2008-07-21 03:19 . 2008-07-21 03:19 1,072 --a------ C:\WINDOWS\system32\MRT.INI
2008-07-20 20:29 . 2008-07-20 20:31 6,300 --a------ C:\CTMeasureTiming.ini
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-18 06:51 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-18 06:45 . 2008-07-18 06:51 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 06:30 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-07-18 06:30 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-07-18 06:28 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-07-18 05:57 . 2008-07-31 15:36 <REP> d-------- C:\Program Files\WAV
2008-07-18 05:26 . 2008-07-18 05:50 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 04:34 . 2008-07-18 04:34 <REP> d-------- C:\Program Files\iPod
2008-07-18 04:00 . 2008-07-18 04:00 268 --ah----- C:\sqmdata07.sqm
2008-07-18 04:00 . 2008-07-18 04:00 244 --ah----- C:\sqmnoopt07.sqm
2008-07-18 03:22 . 2008-07-18 03:22 268 --ah----- C:\sqmdata06.sqm
2008-07-18 03:22 . 2008-07-18 03:22 244 --ah----- C:\sqmnoopt06.sqm
2008-07-09 19:46 . 2008-07-09 19:46 268 --ah----- C:\sqmdata05.sqm
2008-07-09 19:46 . 2008-07-09 19:46 244 --ah----- C:\sqmnoopt05.sqm
2008-07-08 22:00 . 2008-07-08 22:00 172 --ah----- C:\sqmnoopt04.sqm
2008-07-08 22:00 . 2008-07-08 22:00 172 --ah----- C:\sqmdata04.sqm
2008-07-08 12:06 . 2008-07-08 12:06 268 --ah----- C:\sqmdata03.sqm
2008-07-08 12:06 . 2008-07-08 12:06 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 19:13 . 2008-07-07 19:13 268 --ah----- C:\sqmdata02.sqm
2008-07-07 19:13 . 2008-07-07 19:13 244 --ah----- C:\sqmnoopt02.sqm
2008-07-07 19:07 . 2008-07-07 19:07 268 --ah----- C:\sqmdata01.sqm
2008-07-07 19:07 . 2008-07-07 19:07 244 --ah----- C:\sqmnoopt01.sqm
2008-06-20 19:47 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 12:41 . 2008-06-15 12:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-15 11:48 . 2008-06-15 12:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2008-06-14 17:24 . 2008-06-14 18:36 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Creative
2008-06-14 17:13 . 2000-05-22 02:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-06-14 17:13 . 2006-10-06 00:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-06-14 17:12 . 2008-06-14 17:12 <REP> d-------- C:\Program Files\Audible
2008-06-14 17:12 . 2008-06-14 17:12 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-06-14 17:12 . 2001-08-17 22:43 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-14 17:10 . 2008-06-14 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2008-06-14 17:09 . 1999-12-12 19:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-06-14 17:09 . 1999-11-17 19:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-06-14 17:08 . 2008-06-14 17:08 <REP> d-------- C:\Program Files\Fichiers communs\Creative
2008-06-14 17:08 . 2008-06-14 17:10 <REP> d--h----- C:\Program Files\Creative Installation Information
2008-06-14 17:08 . 2008-06-14 17:13 <REP> d-------- C:\Program Files\Creative
2008-06-12 03:58 . 2008-06-12 03:58 144 --a------ C:\WINDOWS\Eudcedit.ini
2008-06-11 04:50 . 2008-07-29 11:08 <REP> d-------- C:\Program Files\Axis Communications
2008-06-10 23:27 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 23:25 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:25 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 02:56 . 2008-07-08 23:59 78 --a------ C:\WINDOWS\iPlayer.INI
2008-06-04 02:54 . 2008-06-04 02:54 <REP> d-------- C:\Program Files\InterActual
2008-06-04 00:59 . 2008-07-07 19:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-06-02 05:15 . 2008-06-02 05:16 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-06-02 00:11 . 2008-06-02 00:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterVideo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 17:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-31 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 12:32 --------- d-----w C:\Program Files\Symantec
2008-07-31 11:58 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-07-30 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-29 15:07 --------- d-----w C:\Program Files\LimeWire
2008-07-18 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 03:24 13,312 --s-a-w C:\WINDOWS\system32\cxbrk.dll
2008-07-18 02:35 --------- d-----w C:\Program Files\iTunes
2008-07-18 02:09 --------- d-----w C:\Program Files\Safari
2008-07-11 22:45 --------- d-----w C:\Program Files\IDoser v4
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-29 14:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-29 14:43 --------- d-----w C:\Program Files\ConvertEuro
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:55 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:55 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:11 1,294,336 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
2008-04-14 02:31 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:04 93,184 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:43 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2007-09-26 17:31 2,532,922 ----a-w C:\WINDOWS\inf\SET2C2.tmp
2007-09-26 17:31 2,532,922 ------w C:\WINDOWS\inf\SET181.tmp
2004-08-05 08:00 1,568,358 ----a-w C:\WINDOWS\inf\SET332.tmp
2004-08-05 08:00 1,568,358 ----a-w C:\WINDOWS\inf\SET1FF.tmp
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 21:47 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 11:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 18:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 10:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 14:35 172094]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 12:59 184320]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 19:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 11:03 217088]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-26 03:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-07 08:49 718704]
"MsmqIntCert"="mqrt.dll" [2008-04-14 04:33 177152 C:\WINDOWS\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 20:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 ASChannel;Canal de communication local;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-26 03:47]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27bba3c1-0b41-11dd-85cb-0014a5fba491}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-07-31 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrateur.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 16:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6305A9FC-3EFC-43DC-8DFC-0C2A15C762C2} - C:\WINDOWS\nfavxwdbxqn.dll
Toolbar-{F486C881-8E8F-4C25-B89F-36E1268FACD2} - C:\WINDOWS\fdkowvbp.dll
HKCU-Run-AUTORUN_VAL - C:\Program Files\ASC 2.1\asc 2.1.exe
HKCU-Run-\Win11.exe - C:\Windows\system32\Win11.exe
HKCU-Run-\Win12.exe - C:\Windows\system32\Win12.exe
HKCU-Run-\Win13.exe - C:\Windows\system32\Win13.exe
HKCU-Run-\Win14.exe - C:\Windows\system32\Win14.exe
HKCU-Run-\WinE.exe - C:\Windows\system32\WinE.exe
HKCU-Run-\WinF.exe - C:\Windows\system32\WinF.exe
HKCU-Run-\Win10.exe - C:\Windows\system32\Win10.exe
HKLM-Run-asc32 - C:\Program Files\ASC 2.1\asc 2.1.exe
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-lphcjejj0epfe - C:\WINDOWS\system32\lphcjejj0epfe.exe
HKLM-Run-SMrhcnejj0epfe - C:\Program Files\rhcnejj0epfe\rhcnejj0epfe.exe
HKLM-Run-\Win11.exe - C:\Windows\system32\Win11.exe
HKLM-Run-\Win12.exe - C:\Windows\system32\Win12.exe
HKLM-Run-\Win13.exe - C:\Windows\system32\Win13.exe
HKLM-Run-\Win14.exe - C:\Windows\system32\Win14.exe
HKLM-Run-\WinE.exe - C:\Windows\system32\WinE.exe
HKLM-Run-\WinF.exe - C:\Windows\system32\WinF.exe
HKLM-Run-\Win10.exe - C:\Windows\system32\Win10.exe
SharedTaskScheduler-{c96395b8-ab09-46a4-b539-7ddf6e061808} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://62.49.26.13/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.7.199.200:7000/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:51:58
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????^??????P??|?????? ??4B??????????????hB? ????^?

Balayage des fichiers cach‚s ...


**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\Win11.exe"="C:\\Windows\\system32\\Win11.exe"
"\\Win12.exe"="C:\\Windows\\system32\\Win12.exe"
"\\Win13.exe"="C:\\Windows\\system32\\Win13.exe"
"\\Win14.exe"="C:\\Windows\\system32\\Win14.exe"
"\\WinE.exe"="C:\\Windows\\system32\\WinE.exe"
"\\WinF.exe"="C:\\Windows\\system32\\WinF.exe"
"\\Win10.exe"="C:\\Windows\\system32\\Win10.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HPQ\IAM\Bin\asghost.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 19:59:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 17:58:26

Pre-Run: 13,648,220,160 octets libres
Post-Run: 14,227,873,792 octets libres

413 --- E O F --- 2008-07-25 01:01:09