How do I uninstall Antivirus XP 2008?
Solved/Closed
Camille30 - 4 August 2008 at 21:18
9 replies
IronVI - 4 August 2008 at 21:20
Hi!
Download to the desktop
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
= Double-click SmitfraudFix.zip
= Extract all
= Double-click SmitfraudFix
= Double-click SmitfraudFix.cmd
= Choose Option 1
= Save the report
---------
Restart in Safe Mode (startup may take several minutes)
Note: there is no internet access in this mode. Save or print these instructions.
Restart the PC and tap the F8 key (F5 on some machines) until the boot-option menu appears
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
---
Run SmitfraudFix again
= Choose Option 2
= Save the report
= Copy/paste the reports into your reply
---------------------
++++++++++
Download to the desktop
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
= Double-click it
= Click Do a system scan and save the log
= Copy the report and paste it into your reply
Camille30 - 4 August 2008 at 21:25
Thanks for such a quick reply!
I'll do it and keep you posted.
Thanks again!
Camille30 - 4 August 2008 at 22:12
Done!!
So, the first report:
SmitFraudFix v2.333
Rapport fait à 21:29:54,64, 04/08/2008
Executé à partir de C:\Documents and Settings\camille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\rhct84j0e785\rhct84j0e785.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\WINDOWS\system32\pphcp84j0e785.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\camille
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\camille\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\camille\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SiS191 1000/100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 195.5.219.1
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 86.64.145.143
DNS Server Search Order: 84.103.237.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer=86.64.145.143 84.103.237.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer=86.64.145.143 84.103.237.143
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
The second one, in Safe Mode:
SmitFraudFix v2.333
Rapport fait à 21:46:30,76, 04/08/2008
Executé à partir de C:\Documents and Settings\camille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
And finally the third, with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:10, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\camille\Local Settings\Temporary Internet Files\Content.IE5\H9N6NU1Z\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {23CC34FB-8CB2-0BB4-88B5-C5CD509AC1A4} - C:\DOCUME~1\RIC~1\APPLIC~1\LESSMO~1\DebugThe.exe (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Jugs Cake Default Once] C:\Documents and Settings\All Users\Application Data\amok test jugs cake\regsbags.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [wajpmywsi] c:\windows\system32\wajpmywsi.exe wajpmywsi
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [advap32] "C:\DOCUME~1\rico\LOCALS~1\Temp\loader.exe" /r
O4 - HKLM\..\Run: [SMrhct84j0e785] C:\Program Files\rhct84j0e785\rhct84j0e785.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\procia.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer = 86.64.145.144 84.103.237.144
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner avast!Browser (avast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Mail Scanner avast!wscsvc (avast!wscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de transfert intelligent en arrière-plan BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Bluetooth Service btwdinslanmanserver (btwdinslanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Gestionnaire de l'Album ClipSrvSysmonLog (ClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Service for CDROM Access CreativeRDSessMgr (CreativeRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Lanceur de processus serveur DCOM DcomLaunchNtmsSvc (DcomLaunchNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service d'administration du Gestionnaire de disque logique dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de disque logique dmservernavapsvcCryptSvc (dmservernavapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Journal des événements EventlogSwPrvSamSs (EventlogSwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Système d'événements de COM+ EventSystemClipSrvSysmonLog (EventSystemClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur lanmanserverdmadminEventlog (lanmanserverdmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Assistance TCP/IP NetBIOS LmHostswuauserv (LmHostswuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog (MessengerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog MessengerEventlogSSDPSRV (MessengerEventlogSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvc Antivirus (mnmsrvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService (mnmsrvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService mnmsrvcImapiServiceProtectedStorage (mnmsrvcImapiServiceProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Installer MSIServerWudfSvcWebClient (MSIServerWudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect navapsvcCryptSvc (navapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC PolicyAgentSAVScan (PolicyAgentSAVScan) - Unknown owner - C:\WINDOWS\
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PsShutdown PsShutdownSvcSpooler (PsShutdownSvcSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SAVScan SAVScanPsShutdownSvc (SAVScanPsShutdownSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan SAVScanPsShutdownSvc SAVScanPsShutdownSvcSSDPSRV (SAVScanPsShutdownSvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScriptBlocking Service SBServiceRasAuto (SBServiceRasAuto) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service SBServiceSSDPSRVavast!Browser (SBServiceSSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: Notification d'événement système SENSSamSs (SENSSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessTrkWks (SharedAccessTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de restauration système srserviceTrkWksWebClientxmlprov (srserviceTrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de découvertes SSDP SSDPSRVavast!Browser (SSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: MS Software Shadow Copy Provider SwPrvSamSs (SwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksTapiSrv (TrkWksTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksWebClientxmlprov (TrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WebClient WebClient Antivirus (WebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClientxmlprov (WebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNccPwdSvc (WmdmPmSNccPwdSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state WmiApSrvaspnet_stateRpcLocator (WmiApSrvaspnet_stateRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvc Antivirus (WMPNetworkSvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcWebClient (WudfSvcWebClient) - Unknown owner - C:\WINDOWS\
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\camille
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\camille\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\camille\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the keys that follow are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the keys that follow are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the keys that follow are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the keys that follow are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SiS191 1000/100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 195.5.219.1
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 86.64.145.143
DNS Server Search Order: 84.103.237.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer=86.64.145.143 84.103.237.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer=86.64.145.143 84.103.237.143
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
The second one, in safe mode:
SmitFraudFix v2.333
Report made at 21:46:30,76, 04/08/2008
Run from C:\Documents and Settings\camille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler before SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Stopping processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting temporary files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry cleanup
Cleanup finished.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler after SmitFraudFix
!!!Warning, the keys that follow are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
and finally the third, with HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:10, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\camille\Local Settings\Temporary Internet Files\Content.IE5\H9N6NU1Z\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {23CC34FB-8CB2-0BB4-88B5-C5CD509AC1A4} - C:\DOCUME~1\RIC~1\APPLIC~1\LESSMO~1\DebugThe.exe (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Jugs Cake Default Once] C:\Documents and Settings\All Users\Application Data\amok test jugs cake\regsbags.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [wajpmywsi] c:\windows\system32\wajpmywsi.exe wajpmywsi
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [advap32] "C:\DOCUME~1\rico\LOCALS~1\Temp\loader.exe" /r
O4 - HKLM\..\Run: [SMrhct84j0e785] C:\Program Files\rhct84j0e785\rhct84j0e785.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\procia.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer = 86.64.145.144 84.103.237.144
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner avast!Browser (avast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Mail Scanner avast!wscsvc (avast!wscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de transfert intelligent en arrière-plan BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Bluetooth Service btwdinslanmanserver (btwdinslanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Gestionnaire de l'Album ClipSrvSysmonLog (ClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Service for CDROM Access CreativeRDSessMgr (CreativeRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Lanceur de processus serveur DCOM DcomLaunchNtmsSvc (DcomLaunchNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service d'administration du Gestionnaire de disque logique dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de disque logique dmservernavapsvcCryptSvc (dmservernavapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Journal des événements EventlogSwPrvSamSs (EventlogSwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Système d'événements de COM+ EventSystemClipSrvSysmonLog (EventSystemClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur lanmanserverdmadminEventlog (lanmanserverdmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Assistance TCP/IP NetBIOS LmHostswuauserv (LmHostswuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog (MessengerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog MessengerEventlogSSDPSRV (MessengerEventlogSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvc Antivirus (mnmsrvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService (mnmsrvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService mnmsrvcImapiServiceProtectedStorage (mnmsrvcImapiServiceProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Installer MSIServerWudfSvcWebClient (MSIServerWudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect navapsvcCryptSvc (navapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC PolicyAgentSAVScan (PolicyAgentSAVScan) - Unknown owner - C:\WINDOWS\
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PsShutdown PsShutdownSvcSpooler (PsShutdownSvcSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SAVScan SAVScanPsShutdownSvc (SAVScanPsShutdownSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan SAVScanPsShutdownSvc SAVScanPsShutdownSvcSSDPSRV (SAVScanPsShutdownSvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScriptBlocking Service SBServiceRasAuto (SBServiceRasAuto) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service SBServiceSSDPSRVavast!Browser (SBServiceSSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: Notification d'événement système SENSSamSs (SENSSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessTrkWks (SharedAccessTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de restauration système srserviceTrkWksWebClientxmlprov (srserviceTrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de découvertes SSDP SSDPSRVavast!Browser (SSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: MS Software Shadow Copy Provider SwPrvSamSs (SwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksTapiSrv (TrkWksTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksWebClientxmlprov (TrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WebClient WebClient Antivirus (WebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClientxmlprov (WebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNccPwdSvc (WmdmPmSNccPwdSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state WmiApSrvaspnet_stateRpcLocator (WmiApSrvaspnet_stateRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvc Antivirus (WMPNetworkSvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcWebClient (WudfSvcWebClient) - Unknown owner - C:\WINDOWS\
IronVI - Member - 72 posts - registered Monday 28 July 2008 - last active 7 August 2008
6 August 2008 at 16:18
There are still infections present.
Download to the desktop https://www.besttechie.com/resources/malwarebytes/ Malwarebytes' Anti-Malware
=> double-click mbam-setup to start the installation
=> Install it as is, without changing anything
=> Once the program is running ==> Update tab, click => Check for updates
Scanner tab => tick Perform full scan
=> Click Scan
=> If needed, untick the drives you do not want analysed
=> Click Start scan
=> At the end of the scan, if an infection is found
==> Click Show results
=> Close your running applications
=> Check that everything is ticked and click Remove selected
=> a report opens; copy it and paste it into your reply
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Download and save to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe Combofix
=Double-click Combofix
= Press 1 if asked
= Wait for the tool to close (5-10 min, or longer if the infection is serious)
=Copy/paste the report into your reply
A report is in C:\Combofix.txt; include it in your reply
Re-enable the antivirus
============
afterwards delete
combofix
QooBox, which is at C:\
Camille30 - Member - 7 posts - registered Monday 4 August 2008 - last active 8 September 2008
7 August 2008 at 12:01
So,
here is the first report, from Malwarebytes':
Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2
11:18:41 07/08/2008
mbam-log-8-7-2008 (11-18-41).txt
Scan type: Full scan (C:\|)
Objects scanned: 159883
Time elapsed: 10 hour(s), 50 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 76
Files Infected: 100
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\www.rapid-pass.net (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.5ZGMU7O20KT5D8YQ.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.5ZGMU7O20KT5D8YQ.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos\beurettes (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.rapid-pass.net (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311637.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311629.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311630.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311631.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311632.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311633.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311634.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311635.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311636.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Acces-Sex.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Acces-Sex.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\sexe69.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\Acces-Sex.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com\js\0d5a07f8f714187329300d1e3582eac7 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\Common\9a139172888eb350b46e1f52016875cc.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\1\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\www.rapid-pass.net\8a7d78d1e1e513ca5c4658a6d088b8bc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com\js\989143010427cbf3954b1d39c4334d7d (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\Common\cf41b3cb6f53310682d339367c808fcf.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\1\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\e4d645669e44dc918c510566d92866a2.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\img\pix.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos\beurettes\4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.rapid-pass.net\6dccd65610936763bdb232a470290fac_ (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\3804_dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\rhct84j0e785.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcp84j0e785.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcp84j0e785.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqqrbmphi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wajpmywsi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yawtesgq_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoczeskmeb_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyspqrg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkaojmftao_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqqrbmphi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wajpmywsi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yawtesgq_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoczeskmeb_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyspqrg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkaojmftao_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
The one from ComboFix:
ComboFix 08-08-06.02 - camille 2008-08-07 11:27:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.583 [GMT 2:00]
Location: C:\Documents and Settings\camille\Bureau\ComboFix.exe
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\rico\Application Data\inst.exe
C:\Program Files\Altnet
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\00091E3A
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1001-597.sig
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\zkaojmftao.dat
C:\WINDOWS\system32\zkaojmftao_navtmp.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
((((((((((((((((((((((((((((( Files Created 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
.
2008-08-04 21:30 . 2008-08-04 21:46 6,048 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 19:15 . 2008-08-04 19:15 <REP> d-------- C:\Documents and Settings\camille\Application Data\TuneUp Software
2008-08-04 19:15 . 2008-08-04 19:15 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-04 19:15 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-04 19:14 . 2008-08-04 19:15 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-04 19:14 . 2008-08-04 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Documents and Settings\camille\Application Data\SUPERAntiSpyware.com
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-04 12:50 . 2008-08-04 12:51 <REP> d-------- C:\Program Files\Navilog1
2008-08-04 12:46 . 2008-08-04 12:46 <REP> d-------- C:\Lop SD
2008-08-04 12:43 . 2008-08-04 12:43 <REP> d-------- C:\Program Files\CCleaner
2008-08-04 11:58 . 2008-08-04 11:58 <REP> d-------- C:\Documents and Settings\camille\Application Data\Malwarebytes
2008-08-04 11:58 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 11:58 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 11:57 . 2008-08-07 00:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 11:57 . 2008-08-04 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 11:40 . 2008-08-04 11:40 <REP> d-------- C:\Program Files\Trend Micro
2008-08-04 11:17 . 2008-08-04 11:29 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-08-01 17:10 . 2008-08-01 17:10 0 --a------ C:\WINDOWS\system32\D.tmp
2008-07-31 18:40 . 2008-07-31 18:40 <REP> d-------- C:\Documents and Settings\camille\Application Data\Avira
2008-07-31 18:35 . 2008-08-04 20:32 <REP> d-------- C:\Program Files\Avira
2008-07-31 18:35 . 2008-08-04 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-30 13:30 . 2008-07-30 13:30 268 --ah----- C:\sqmdata19.sqm
2008-07-30 13:30 . 2008-07-30 13:30 244 --ah----- C:\sqmnoopt19.sqm
2008-07-30 13:18 . 2008-07-30 13:34 32 --a-s---- C:\WINDOWS\system32\272536097.dat
2008-07-29 21:09 . 2008-07-29 21:09 268 --ah----- C:\sqmdata18.sqm
2008-07-29 21:09 . 2008-07-29 21:09 244 --ah----- C:\sqmnoopt18.sqm
2008-07-28 17:54 . 2008-07-28 17:54 <REP> d-------- C:\Program Files\VSO
2008-07-28 17:54 . 2008-07-28 18:03 <REP> d-------- C:\Documents and Settings\rico\Application Data\Vso
2008-07-28 17:54 . 2008-07-28 17:54 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-28 17:54 . 2008-07-28 17:54 47,360 --a------ C:\Documents and Settings\rico\Application Data\pcouffin.sys
2008-07-25 17:34 . 2008-07-25 17:34 268 --ah----- C:\sqmdata17.sqm
2008-07-25 17:34 . 2008-07-25 17:34 244 --ah----- C:\sqmnoopt17.sqm
2008-07-25 14:40 . 2008-07-25 14:40 <REP> d-------- C:\Documents and Settings\rico\Application Data\ItsLabel
2008-07-24 22:01 . 2008-07-24 22:01 268 --ah----- C:\sqmdata16.sqm
2008-07-24 22:01 . 2008-07-24 22:01 244 --ah----- C:\sqmnoopt16.sqm
2008-07-24 18:05 . 2008-07-24 18:05 <REP> d-------- C:\Documents and Settings\camille\Application Data\ItsLabel
2008-07-24 18:05 . 2008-08-06 11:17 <REP> d-------- C:\Documents and Settings\camille\Application Data\EoRezo
2008-07-24 17:40 . 2008-07-24 17:40 <REP> d-------- C:\Program Files\Rocket Division Software
2008-07-23 20:23 . 2008-08-06 11:17 <REP> d-------- C:\Program Files\EoRezo
2008-07-23 20:23 . 2008-08-06 06:48 <REP> d-------- C:\Documents and Settings\rico\Application Data\EoRezo
2008-07-22 22:39 . 2008-07-22 22:39 172 --ah----- C:\sqmnoopt15.sqm
2008-07-22 22:39 . 2008-07-22 22:39 172 --ah----- C:\sqmdata15.sqm
2008-07-22 15:52 . 2008-07-22 15:52 268 --ah----- C:\sqmdata14.sqm
2008-07-22 15:52 . 2008-07-22 15:52 244 --ah----- C:\sqmnoopt14.sqm
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 09:41 --------- d-----w C:\Documents and Settings\camille\Application Data\OpenOffice.org2
2008-08-07 09:40 --------- d-----w C:\Program Files\eMule
2008-08-07 09:25 --------- d-----w C:\Documents and Settings\camille\Application Data\vmntoolbar
2008-08-06 22:23 --------- d-----w C:\Documents and Settings\rico\Application Data\VMNTOOLBAR
2008-08-06 15:46 --------- d-----w C:\Documents and Settings\rico\Application Data\OpenOffice.org2
2008-08-06 15:46 --------- d-----w C:\Documents and Settings\rico\Application Data\AdobeUM
2008-08-06 09:30 --------- d-----w C:\Documents and Settings\camille\Application Data\LimeWire
2008-08-06 09:16 --------- d-----w C:\Program Files\InterActual
2008-08-04 17:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-03 09:58 1,796 ----a-w C:\Documents and Settings\rico\Application Data\wklnhst.dat
2008-08-02 16:19 --------- d-----w C:\Program Files\FinePixViewer
2008-07-28 15:58 --------- d-----w C:\Documents and Settings\rico\Application Data\Ahead
2008-07-25 13:46 --------- d-----w C:\Documents and Settings\rico\Application Data\LimeWire
2008-07-12 16:53 12,830 ----a-w C:\Documents and Settings\camille\Application Data\wklnhst.dat
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-24 03:51 7 ----a-w C:\Documents and Settings\rico\license.bin
2007-10-16 22:04 4,823,189 ----a-w C:\Documents and Settings\rico\pPokerSetup.exe
2007-03-08 17:33 10,823 ---ha-w C:\Program Files\GIFAnimator.GID
2006-10-10 17:41 578 ----a-w C:\Documents and Settings\marie\Application Data\wklnhst.dat
2006-08-30 21:26 536,064 ----a-w C:\Program Files\GIFAnimator.exe
2006-08-30 21:26 248 ----a-w C:\Program Files\GIFAnimator.cnt
2006-08-30 21:26 17,642 ----a-w C:\Program Files\GIFAnimator.hlp
2006-08-30 21:26 10,752 ----a-w C:\Program Files\README.WRI
2006-01-26 15:13 28,672 ----a-w C:\Documents and Settings\rico\LicenceWM.exe
2007-01-02 16:13 8 --sh--r C:\WINDOWS\system32\4D491A983E.sys
2007-01-02 16:14 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2005-07-26 15:12 4771840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-11 16:29 5562368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg51.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm03.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlp04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlq50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlq72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnv06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winos61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqw48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxc83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-01-03 20:24]
R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 17:39]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 17:39]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-09-19 13:24]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-19 13:24]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys []
S3 PsShutdownSvc;PsShutdown;C:\WINDOWS\System32\PSSDNSVC.EXE [2005-07-11 18:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-04 19:15]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 Winaf48;Winaf48;C:\WINDOWS\System32\drivers\Winaf48.sys []
S3 Winaf50;Winaf50;C:\WINDOWS\System32\drivers\Winaf50.sys []
S3 Windh15;Windh15;C:\WINDOWS\System32\drivers\Windh15.sys []
S3 Windh26;Windh26;C:\WINDOWS\System32\drivers\Windh26.sys []
S3 Windi26;Windi26;C:\WINDOWS\System32\drivers\Windi26.sys []
S3 Windj41;Windj41;C:\WINDOWS\System32\drivers\Windj41.sys []
S3 Winfk40;Winfk40;C:\WINDOWS\System32\drivers\Winfk40.sys []
S3 Wingm37;Wingm37;C:\WINDOWS\System32\drivers\Wingm37.sys []
S3 Winin72;Winin72;C:\WINDOWS\System32\drivers\Winin72.sys []
S3 Winlp04;Winlp04;C:\WINDOWS\System32\drivers\Winlp04.sys []
S3 Winmr61;Winmr61;C:\WINDOWS\System32\drivers\Winmr61.sys []
S3 Winnv06;Winnv06;C:\WINDOWS\System32\drivers\Winnv06.sys []
S3 Winos61;Winos61;C:\WINDOWS\System32\drivers\Winos61.sys []
S3 Winpu04;Winpu04;C:\WINDOWS\System32\drivers\Winpu04.sys []
S3 Winpu37;Winpu37;C:\WINDOWS\System32\drivers\Winpu37.sys []
S3 Winqv83;Winqv83;C:\WINDOWS\System32\drivers\Winqv83.sys []
S3 Winqw48;Winqw48;C:\WINDOWS\System32\drivers\Winqw48.sys []
S3 Winrw37;Winrw37;C:\WINDOWS\System32\drivers\Winrw37.sys []
S3 Winsx72;Winsx72;C:\WINDOWS\System32\drivers\Winsx72.sys []
S3 Winty61;Winty61;C:\WINDOWS\System32\drivers\Winty61.sys []
S3 Winua48;Winua48;C:\WINDOWS\System32\drivers\Winua48.sys []
S3 Winxc83;Winxc83;C:\WINDOWS\System32\drivers\Winxc83.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ea233f-f2d9-11d9-8563-806d6172696f}]
\shell\PlayWithPowerDVD\Command - "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-07 C:\WINDOWS\Tasks\AEDFB92F9184295B.job
- c:\docume~1\frdriq~1\applic~1\flawcomp\Dash media kind.exe []
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
2008-08-07 C:\WINDOWS\Tasks\B43C41809147ED5C.job
- c:\docume~1\ric~1\applic~1\flawcomp\Dash media kind.exe []
2008-08-07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
2008-08-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7952CC5F-C165-4ECC-9F53-79CB0E6C8B77}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{23CC34FB-8CB2-0BB4-88B5-C5CD509AC1A4} - C:\DOCUME~1\RIC~1\APPLIC~1\LESSMO~1\DebugThe.exe
HKLM-Run-EoEngine - (no file)
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://fr.yahoo.com/
O8 -: &Traduire à partir de l'anglais - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Pages liées - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Pages similaires - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Recherche &Google - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: Version de la page actuelle disponible dans le cache Google - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 -: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2mail.com/static/apps/utils/AccountHelper.cab
C:\WINDOWS\Downloaded Program Files\Account.inf
C:\WINDOWS\Downloaded Program Files\Account.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 11:38:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast!wscsvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BITSlanmanworkstation]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\btwdinslanmanserver]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ClipSrvSysmonLog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CreativeRDSessMgr]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DcomLaunchNtmsSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmadminEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmservernavapsvcCryptSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventlogSwPrvSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemClipSrvSysmonLog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserverdmadminEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHostswuauserv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerEventlogSSDPSRV]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvcImapiService]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvcImapiServiceProtectedStorage]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServerWudfSvcWebClient]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\navapsvcCryptSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentSAVScan]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsShutdownSvcSpooler]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVScanPsShutdownSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVScanPsShutdownSvcSSDPSRV]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SBServiceRasAuto]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SBServiceSSDPSRVavast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENSSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccessTrkWks]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srserviceTrkWksWebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVavast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrvSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksTapiSrv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksWebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSNccPwdSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvaspnet_state]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvaspnet_stateRpcLocator]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfSvcWebClient]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-07 11:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-07 09:50:34
Pre-Run: 109,079,846,912 octets libres
Post-Run: 110,543,421,440 octets libres
458 --- E O F --- 2008-08-07 01:02:58
There you go. On the other hand, the report in C:\Combofix.txt is exactly the same as this one; I don't have any other. Thank you for spending so much time helping me!
Here is the first report from Malwarebytes':
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1030
Windows 5.1.2600 Service Pack 2
11:18:41 07/08/2008
mbam-log-8-7-2008 (11-18-41).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 159883
Temps écoulé: 10 hour(s), 50 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 76
Fichier(s) infecté(s): 100
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\www.rapid-pass.net (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.5ZGMU7O20KT5D8YQ.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.5ZGMU7O20KT5D8YQ.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos\beurettes (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.rapid-pass.net (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311637.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311629.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311630.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311631.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311632.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311633.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311634.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311635.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311636.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Acces-Sex.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Acces-Sex.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\sexe69.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\Acces-Sex.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com\js\0d5a07f8f714187329300d1e3582eac7 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\Common\9a139172888eb350b46e1f52016875cc.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\1\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\www.rapid-pass.net\8a7d78d1e1e513ca5c4658a6d088b8bc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com\js\989143010427cbf3954b1d39c4334d7d (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\Common\cf41b3cb6f53310682d339367c808fcf.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\1\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\e4d645669e44dc918c510566d92866a2.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\img\pix.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos\beurettes\4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.rapid-pass.net\6dccd65610936763bdb232a470290fac_ (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\3804_dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\rhct84j0e785.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcp84j0e785.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcp84j0e785.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqqrbmphi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wajpmywsi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yawtesgq_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoczeskmeb_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyspqrg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkaojmftao_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqqrbmphi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wajpmywsi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yawtesgq_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoczeskmeb_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyspqrg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkaojmftao_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
The one from ComboFix:
ComboFix 08-08-06.02 - camille 2008-08-07 11:27:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.583 [GMT 2:00]
Endroit: C:\Documents and Settings\camille\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\rico\Application Data\inst.exe
C:\Program Files\Altnet
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\00091E3A
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1001-597.sig
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\zkaojmftao.dat
C:\WINDOWS\system32\zkaojmftao_navtmp.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
((((((((((((((((((((((((((((( Fichiers créés 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
.
2008-08-04 21:30 . 2008-08-04 21:46 6,048 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 19:15 . 2008-08-04 19:15 <REP> d-------- C:\Documents and Settings\camille\Application Data\TuneUp Software
2008-08-04 19:15 . 2008-08-04 19:15 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-04 19:15 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-04 19:14 . 2008-08-04 19:15 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-04 19:14 . 2008-08-04 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Documents and Settings\camille\Application Data\SUPERAntiSpyware.com
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-04 12:50 . 2008-08-04 12:51 <REP> d-------- C:\Program Files\Navilog1
2008-08-04 12:46 . 2008-08-04 12:46 <REP> d-------- C:\Lop SD
2008-08-04 12:43 . 2008-08-04 12:43 <REP> d-------- C:\Program Files\CCleaner
2008-08-04 11:58 . 2008-08-04 11:58 <REP> d-------- C:\Documents and Settings\camille\Application Data\Malwarebytes
2008-08-04 11:58 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 11:58 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 11:57 . 2008-08-07 00:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 11:57 . 2008-08-04 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 11:40 . 2008-08-04 11:40 <REP> d-------- C:\Program Files\Trend Micro
2008-08-04 11:17 . 2008-08-04 11:29 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-08-01 17:10 . 2008-08-01 17:10 0 --a------ C:\WINDOWS\system32\D.tmp
2008-07-31 18:40 . 2008-07-31 18:40 <REP> d-------- C:\Documents and Settings\camille\Application Data\Avira
2008-07-31 18:35 . 2008-08-04 20:32 <REP> d-------- C:\Program Files\Avira
2008-07-31 18:35 . 2008-08-04 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-30 13:30 . 2008-07-30 13:30 268 --ah----- C:\sqmdata19.sqm
2008-07-30 13:30 . 2008-07-30 13:30 244 --ah----- C:\sqmnoopt19.sqm
2008-07-30 13:18 . 2008-07-30 13:34 32 --a-s---- C:\WINDOWS\system32\272536097.dat
2008-07-29 21:09 . 2008-07-29 21:09 268 --ah----- C:\sqmdata18.sqm
2008-07-29 21:09 . 2008-07-29 21:09 244 --ah----- C:\sqmnoopt18.sqm
2008-07-28 17:54 . 2008-07-28 17:54 <REP> d-------- C:\Program Files\VSO
2008-07-28 17:54 . 2008-07-28 18:03 <REP> d-------- C:\Documents and Settings\rico\Application Data\Vso
2008-07-28 17:54 . 2008-07-28 17:54 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-28 17:54 . 2008-07-28 17:54 47,360 --a------ C:\Documents and Settings\rico\Application Data\pcouffin.sys
2008-07-25 17:34 . 2008-07-25 17:34 268 --ah----- C:\sqmdata17.sqm
2008-07-25 17:34 . 2008-07-25 17:34 244 --ah----- C:\sqmnoopt17.sqm
2008-07-25 14:40 . 2008-07-25 14:40 <REP> d-------- C:\Documents and Settings\rico\Application Data\ItsLabel
2008-07-24 22:01 . 2008-07-24 22:01 268 --ah----- C:\sqmdata16.sqm
2008-07-24 22:01 . 2008-07-24 22:01 244 --ah----- C:\sqmnoopt16.sqm
2008-07-24 18:05 . 2008-07-24 18:05 <REP> d-------- C:\Documents and Settings\camille\Application Data\ItsLabel
2008-07-24 18:05 . 2008-08-06 11:17 <REP> d-------- C:\Documents and Settings\camille\Application Data\EoRezo
2008-07-24 17:40 . 2008-07-24 17:40 <REP> d-------- C:\Program Files\Rocket Division Software
2008-07-23 20:23 . 2008-08-06 11:17 <REP> d-------- C:\Program Files\EoRezo
2008-07-23 20:23 . 2008-08-06 06:48 <REP> d-------- C:\Documents and Settings\rico\Application Data\EoRezo
2008-07-22 22:39 . 2008-07-22 22:39 172 --ah----- C:\sqmnoopt15.sqm
2008-07-22 22:39 . 2008-07-22 22:39 172 --ah----- C:\sqmdata15.sqm
2008-07-22 15:52 . 2008-07-22 15:52 268 --ah----- C:\sqmdata14.sqm
2008-07-22 15:52 . 2008-07-22 15:52 244 --ah----- C:\sqmnoopt14.sqm
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 09:41 --------- d-----w C:\Documents and Settings\camille\Application Data\OpenOffice.org2
2008-08-07 09:40 --------- d-----w C:\Program Files\eMule
2008-08-07 09:25 --------- d-----w C:\Documents and Settings\camille\Application Data\vmntoolbar
2008-08-06 22:23 --------- d-----w C:\Documents and Settings\rico\Application Data\VMNTOOLBAR
2008-08-06 15:46 --------- d-----w C:\Documents and Settings\rico\Application Data\OpenOffice.org2
2008-08-06 15:46 --------- d-----w C:\Documents and Settings\rico\Application Data\AdobeUM
2008-08-06 09:30 --------- d-----w C:\Documents and Settings\camille\Application Data\LimeWire
2008-08-06 09:16 --------- d-----w C:\Program Files\InterActual
2008-08-04 17:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-03 09:58 1,796 ----a-w C:\Documents and Settings\rico\Application Data\wklnhst.dat
2008-08-02 16:19 --------- d-----w C:\Program Files\FinePixViewer
2008-07-28 15:58 --------- d-----w C:\Documents and Settings\rico\Application Data\Ahead
2008-07-25 13:46 --------- d-----w C:\Documents and Settings\rico\Application Data\LimeWire
2008-07-12 16:53 12,830 ----a-w C:\Documents and Settings\camille\Application Data\wklnhst.dat
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-24 03:51 7 ----a-w C:\Documents and Settings\rico\license.bin
2007-10-16 22:04 4,823,189 ----a-w C:\Documents and Settings\rico\pPokerSetup.exe
2007-03-08 17:33 10,823 ---ha-w C:\Program Files\GIFAnimator.GID
2006-10-10 17:41 578 ----a-w C:\Documents and Settings\marie\Application Data\wklnhst.dat
2006-08-30 21:26 536,064 ----a-w C:\Program Files\GIFAnimator.exe
2006-08-30 21:26 248 ----a-w C:\Program Files\GIFAnimator.cnt
2006-08-30 21:26 17,642 ----a-w C:\Program Files\GIFAnimator.hlp
2006-08-30 21:26 10,752 ----a-w C:\Program Files\README.WRI
2006-01-26 15:13 28,672 ----a-w C:\Documents and Settings\rico\LicenceWM.exe
2007-01-02 16:13 8 --sh--r C:\WINDOWS\system32\4D491A983E.sys
2007-01-02 16:14 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2005-07-26 15:12 4771840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-11 16:29 5562368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg51.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm03.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlp04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlq50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlq72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns50.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnv06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winos61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqw48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa30.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx52.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd15.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxc83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye72.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-01-03 20:24]
R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 17:39]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 17:39]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-09-19 13:24]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-19 13:24]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys []
S3 PsShutdownSvc;PsShutdown;C:\WINDOWS\System32\PSSDNSVC.EXE [2005-07-11 18:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-04 19:15]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 Winaf48;Winaf48;C:\WINDOWS\System32\drivers\Winaf48.sys []
S3 Winaf50;Winaf50;C:\WINDOWS\System32\drivers\Winaf50.sys []
S3 Windh15;Windh15;C:\WINDOWS\System32\drivers\Windh15.sys []
S3 Windh26;Windh26;C:\WINDOWS\System32\drivers\Windh26.sys []
S3 Windi26;Windi26;C:\WINDOWS\System32\drivers\Windi26.sys []
S3 Windj41;Windj41;C:\WINDOWS\System32\drivers\Windj41.sys []
S3 Winfk40;Winfk40;C:\WINDOWS\System32\drivers\Winfk40.sys []
S3 Wingm37;Wingm37;C:\WINDOWS\System32\drivers\Wingm37.sys []
S3 Winin72;Winin72;C:\WINDOWS\System32\drivers\Winin72.sys []
S3 Winlp04;Winlp04;C:\WINDOWS\System32\drivers\Winlp04.sys []
S3 Winmr61;Winmr61;C:\WINDOWS\System32\drivers\Winmr61.sys []
S3 Winnv06;Winnv06;C:\WINDOWS\System32\drivers\Winnv06.sys []
S3 Winos61;Winos61;C:\WINDOWS\System32\drivers\Winos61.sys []
S3 Winpu04;Winpu04;C:\WINDOWS\System32\drivers\Winpu04.sys []
S3 Winpu37;Winpu37;C:\WINDOWS\System32\drivers\Winpu37.sys []
S3 Winqv83;Winqv83;C:\WINDOWS\System32\drivers\Winqv83.sys []
S3 Winqw48;Winqw48;C:\WINDOWS\System32\drivers\Winqw48.sys []
S3 Winrw37;Winrw37;C:\WINDOWS\System32\drivers\Winrw37.sys []
S3 Winsx72;Winsx72;C:\WINDOWS\System32\drivers\Winsx72.sys []
S3 Winty61;Winty61;C:\WINDOWS\System32\drivers\Winty61.sys []
S3 Winua48;Winua48;C:\WINDOWS\System32\drivers\Winua48.sys []
S3 Winxc83;Winxc83;C:\WINDOWS\System32\drivers\Winxc83.sys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ea233f-f2d9-11d9-8563-806d6172696f}]
\shell\PlayWithPowerDVD\Command - "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-07 C:\WINDOWS\Tasks\AEDFB92F9184295B.job
- c:\docume~1\frdriq~1\applic~1\flawcomp\Dash media kind.exe []
2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
2008-08-07 C:\WINDOWS\Tasks\B43C41809147ED5C.job
- c:\docume~1\ric~1\applic~1\flawcomp\Dash media kind.exe []
2008-08-07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
2008-08-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7952CC5F-C165-4ECC-9F53-79CB0E6C8B77}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{23CC34FB-8CB2-0BB4-88B5-C5CD509AC1A4} - C:\DOCUME~1\RIC~1\APPLIC~1\LESSMO~1\DebugThe.exe
HKLM-Run-EoEngine - (no file)
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://fr.yahoo.com/
O8 -: &Traduire à partir de l'anglais - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Pages liées - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Pages similaires - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Recherche &Google - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: Version de la page actuelle disponible dans le cache Google - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 -: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2mail.com/static/apps/utils/AccountHelper.cab
C:\WINDOWS\Downloaded Program Files\Account.inf
C:\WINDOWS\Downloaded Program Files\Account.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 11:38:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast!wscsvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BITSlanmanworkstation]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\btwdinslanmanserver]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ClipSrvSysmonLog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CreativeRDSessMgr]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DcomLaunchNtmsSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmadminEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmservernavapsvcCryptSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventlogSwPrvSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemClipSrvSysmonLog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserverdmadminEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHostswuauserv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerEventlogSSDPSRV]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvcImapiService]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvcImapiServiceProtectedStorage]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServerWudfSvcWebClient]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\navapsvcCryptSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentSAVScan]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsShutdownSvcSpooler]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVScanPsShutdownSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVScanPsShutdownSvcSSDPSRV]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SBServiceRasAuto]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SBServiceSSDPSRVavast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENSSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccessTrkWks]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srserviceTrkWksWebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVavast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrvSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksTapiSrv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksWebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSNccPwdSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvaspnet_state]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvaspnet_stateRpcLocator]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfSvcWebClient]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-07 11:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-07 09:50:34
Pre-Run: 109,079,846,912 octets libres
Post-Run: 110,543,421,440 octets libres
458 --- E O F --- 2008-08-07 01:02:58
There you go. The report in C:\Combofix.txt, however, is exactly the same as this one; I don't have any other. Thanks for spending so much time helping me!
IronVI
Posts: 72 · Registered: Monday 28 July 2008 · Status: Member · Last activity: 7 August 2008
7 August 2008 at 16:27
Whoa, the number of infections!
Redo a HijackThis.
Camille30
Posts: 7 · Registered: Monday 4 August 2008 · Status: Member · Last activity: 8 September 2008
7 August 2008 at 16:33
Uh, lol, that many?
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:52, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer = 86.64.145.143 84.103.237.143
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner avast!Browser (avast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Mail Scanner avast!wscsvc (avast!wscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de transfert intelligent en arrière-plan BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Bluetooth Service btwdinslanmanserver (btwdinslanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Gestionnaire de l'Album ClipSrvSysmonLog (ClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Service for CDROM Access CreativeRDSessMgr (CreativeRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Lanceur de processus serveur DCOM DcomLaunchNtmsSvc (DcomLaunchNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service d'administration du Gestionnaire de disque logique dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de disque logique dmservernavapsvcCryptSvc (dmservernavapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Journal des événements EventlogSwPrvSamSs (EventlogSwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Système d'événements de COM+ EventSystemClipSrvSysmonLog (EventSystemClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur lanmanserverdmadminEventlog (lanmanserverdmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Assistance TCP/IP NetBIOS LmHostswuauserv (LmHostswuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog (MessengerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog MessengerEventlogSSDPSRV (MessengerEventlogSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvc Antivirus (mnmsrvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService (mnmsrvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService mnmsrvcImapiServiceProtectedStorage (mnmsrvcImapiServiceProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Installer MSIServerWudfSvcWebClient (MSIServerWudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect navapsvcCryptSvc (navapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC PolicyAgentSAVScan (PolicyAgentSAVScan) - Unknown owner - C:\WINDOWS\
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PsShutdown PsShutdownSvcSpooler (PsShutdownSvcSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SAVScan SAVScanPsShutdownSvc (SAVScanPsShutdownSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan SAVScanPsShutdownSvc SAVScanPsShutdownSvcSSDPSRV (SAVScanPsShutdownSvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScriptBlocking Service SBServiceRasAuto (SBServiceRasAuto) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service SBServiceSSDPSRVavast!Browser (SBServiceSSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: Notification d'événement système SENSSamSs (SENSSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessTrkWks (SharedAccessTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de restauration système srserviceTrkWksWebClientxmlprov (srserviceTrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de découvertes SSDP SSDPSRVavast!Browser (SSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: MS Software Shadow Copy Provider SwPrvSamSs (SwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksTapiSrv (TrkWksTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksWebClientxmlprov (TrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WebClient WebClient Antivirus (WebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClientxmlprov (WebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNccPwdSvc (WmdmPmSNccPwdSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state WmiApSrvaspnet_stateRpcLocator (WmiApSrvaspnet_stateRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvc Antivirus (WMPNetworkSvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcWebClient (WudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner avast!Browser (avast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Mail Scanner avast!wscsvc (avast!wscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de transfert intelligent en arrière-plan BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Bluetooth Service btwdinslanmanserver (btwdinslanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Gestionnaire de l'Album ClipSrvSysmonLog (ClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Service for CDROM Access CreativeRDSessMgr (CreativeRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Lanceur de processus serveur DCOM DcomLaunchNtmsSvc (DcomLaunchNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service d'administration du Gestionnaire de disque logique dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de disque logique dmservernavapsvcCryptSvc (dmservernavapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Journal des événements EventlogSwPrvSamSs (EventlogSwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Système d'événements de COM+ EventSystemClipSrvSysmonLog (EventSystemClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur lanmanserverdmadminEventlog (lanmanserverdmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Assistance TCP/IP NetBIOS LmHostswuauserv (LmHostswuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog (MessengerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog MessengerEventlogSSDPSRV (MessengerEventlogSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvc Antivirus (mnmsrvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService (mnmsrvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService mnmsrvcImapiServiceProtectedStorage (mnmsrvcImapiServiceProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Installer MSIServerWudfSvcWebClient (MSIServerWudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect navapsvcCryptSvc (navapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC PolicyAgentSAVScan (PolicyAgentSAVScan) - Unknown owner - C:\WINDOWS\
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PsShutdown PsShutdownSvcSpooler (PsShutdownSvcSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SAVScan SAVScanPsShutdownSvc (SAVScanPsShutdownSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan SAVScanPsShutdownSvc SAVScanPsShutdownSvcSSDPSRV (SAVScanPsShutdownSvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScriptBlocking Service SBServiceRasAuto (SBServiceRasAuto) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service SBServiceSSDPSRVavast!Browser (SBServiceSSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: Notification d'événement système SENSSamSs (SENSSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessTrkWks (SharedAccessTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de restauration système srserviceTrkWksWebClientxmlprov (srserviceTrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de découvertes SSDP SSDPSRVavast!Browser (SSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: MS Software Shadow Copy Provider SwPrvSamSs (SwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksTapiSrv (TrkWksTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksWebClientxmlprov (TrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WebClient WebClient Antivirus (WebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClientxmlprov (WebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNccPwdSvc (WmdmPmSNccPwdSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state WmiApSrvaspnet_stateRpcLocator (WmiApSrvaspnet_stateRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvc Antivirus (WMPNetworkSvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcWebClient (WudfSvcWebClient) - Unknown owner - C:\WINDOWS\
IronVI (Member, 72 posts, registered Monday 28 July 2008, last active 7 August 2008) - 7 August 2008 at 20:33
Nothing shows up, still having problems?
Camille30 (Member, 7 posts, registered Monday 4 August 2008, last active 8 September 2008) - 7 August 2008 at 21:56
Well no, apparently my computer is working again and nothing is acting up anymore, but you told me I had a lot of infections?
Anyway, thanks a lot for your help :D