Antispycheck alert
Résolu
vertpomme
Messages postés
10
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour, j'ai un peu le même problème qie "neuneu", depuis ce matin je reçois des messages d'alertes de "AntiSpyCheck Alert" et je n'arrive pas à le virer. J'ai aussi des alertes de "Ultimate antivirus 2008". J'arrive à aller normalement sur la Toile & mes fichiers sont intacts malgré ces alertes à la con, mais mon ordi rame énormément avec tous les fichiers d'alerte qui s'ouvrent tous les 2 min >_<'.
Merci de vos réponses !!!
Merci de vos réponses !!!
A voir également:
- Antispycheck alert
- Alert system battery voltage is low ✓ - Forum Matériel & Système
- Alert php - Forum PHP
- Mcafee fake virus alert - Accueil - Piratage
- Msg alert PHP mais code avec JS ! ✓ - Forum PHP
- Alert rear fan failure ✓ - Forum Windows
12 réponses
Salut,
Télécharge HijackThis ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
Télécharge HijackThis ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
D'abord merci ! =) et pardon de répondre aussi tardivement !
Alors voila je viens de faire le scan de hijackthis, que voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:45, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\UAV\uav.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ubpr01.exe
C:\Program Files\ASpyC\ASpyC.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 604262 helper - {4F006697-FB04-4B67-86BB-0DCA9C0514B4} - C:\WINDOWS\system32\604262\604262.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} (FormelEditor Control) - file://C:\Documents and Settings\MARION\Local Settings\Temp\0TFFKRG\frmeditor.ocx
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Alors voila je viens de faire le scan de hijackthis, que voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:45, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\UAV\uav.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ubpr01.exe
C:\Program Files\ASpyC\ASpyC.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 604262 helper - {4F006697-FB04-4B67-86BB-0DCA9C0514B4} - C:\WINDOWS\system32\604262\604262.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\UAV\uav.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} (FormelEditor Control) - file://C:\Documents and Settings\MARION\Local Settings\Temp\0TFFKRG\frmeditor.ocx
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voila le scan de combofix:
ComboFix 08-08-14.05 - MARION 2008-08-16 11:44:49.1 - NTFSx86
Endroit: C:\Documents and Settings\MARION\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\MARION\Bureau\Ultimate Antivirus 2008.lnk
C:\Documents and Settings\MARION\Cookies\marion@ad.yieldmanager[1].txt
C:\Documents and Settings\MARION\Cookies\marion@advertising[1].txt
C:\Documents and Settings\MARION\Cookies\marion@advertstream[2].txt
C:\Documents and Settings\MARION\Cookies\marion@allposters[2].txt
C:\Documents and Settings\MARION\Cookies\marion@bluestreak[1].txt
C:\Documents and Settings\MARION\Cookies\marion@clickintext[2].txt
C:\Documents and Settings\MARION\Cookies\marion@clubdasgatas-videos.blogspot[1].txt
C:\Documents and Settings\MARION\Cookies\marion@edt02[2].txt
C:\Documents and Settings\MARION\Cookies\marion@ehg-dig.hitbox[2].txt
C:\Documents and Settings\MARION\Cookies\marion@fnac[1].txt
C:\Documents and Settings\MARION\Cookies\marion@fr.msn[2].txt
C:\Documents and Settings\MARION\Cookies\marion@geocompteur[1].txt
C:\Documents and Settings\MARION\Cookies\marion@hotbar[2].txt
C:\Documents and Settings\MARION\Cookies\marion@live[2].txt
C:\Documents and Settings\MARION\Cookies\marion@news.fr.msn[1].txt
C:\Documents and Settings\MARION\Cookies\marion@orange[1].txt
C:\Documents and Settings\MARION\Cookies\marion@pages[1].txt
C:\Documents and Settings\MARION\Cookies\marion@regie.espace-plus[1].txt
C:\Documents and Settings\MARION\Cookies\marion@serving-sys[2].txt
C:\Documents and Settings\MARION\Cookies\marion@skyregie[1].txt
C:\Documents and Settings\MARION\Cookies\marion@specificclick[2].txt
C:\Documents and Settings\MARION\Cookies\marion@sweetim[2].txt
C:\Documents and Settings\MARION\Cookies\marion@trafiz[2].txt
C:\Documents and Settings\MARION\Cookies\marion@www.cdiscount[1].txt
C:\Documents and Settings\MARION\Cookies\marion@www.clubic[1].txt
C:\Documents and Settings\MARION\Cookies\marion@youtube[1].txt
C:\Documents and Settings\MARION\Mes documents\My Documents.url
C:\Program Files\ASpyC
C:\Program Files\ASpyC\ASpyC.exe
C:\Program Files\UAV
C:\Program Files\UAV\uav.cpl
C:\Program Files\UAV\uav.exe
C:\Program Files\UAV\uav1.dat
C:\WINDOWS\system32\604262
C:\WINDOWS\system32\604262\604262.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ouhzw.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:44 . 2008-08-16 10:44 <REP> d-------- C:\Program Files\Trend Micro
2008-08-15 12:54 . 2008-08-08 10:45 166,912 --a------ C:\WINDOWS\system32\uav.cpl
2008-08-14 17:31 . 2008-08-16 10:53 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-14 17:29 . 2008-08-14 17:29 <REP> d-------- C:\Program Files\Applications
2008-08-14 17:29 . 2008-08-14 17:29 30,208 --a------ C:\WINDOWS\system32\ubpr01.exe
2008-08-13 17:14 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-17 19:55 . 2008-07-17 19:55 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-16 19:07 . 2008-07-17 18:40 <REP> d-------- C:\Documents and Settings\MARION\Application Data\ArcSoft
2008-07-16 19:01 . 2008-07-16 19:01 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Apple Computer
2008-07-16 19:00 . 2008-07-16 19:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-16 19:00 . 2008-07-16 19:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-16 18:59 . 2008-07-16 18:59 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Nikon
2008-07-16 18:58 . 2008-07-16 19:11 0 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLer.DAT
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Program Files\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-07-16 18:55 . 2008-07-16 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Effects
2008-07-16 18:55 . 2008-07-22 19:01 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-07-16 18:49 . 2008-07-16 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 18:48 . 2008-07-16 18:48 <REP> d-------- C:\Program Files\ArcSoft
2008-07-16 18:47 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 09:41 --------- d-----w C:\Program Files\Wanadoo
2008-08-11 13:09 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-16 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 07:12 --------- d-----w C:\Documents and Settings\MARION\Application Data\AdobeUM
2008-07-15 16:19 --------- d-----w C:\Documents and Settings\MARION\Application Data\VTC Preferences Folder
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
------- Sigcheck -------
2002-08-30 13:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2003-09-25 18:57 561152 78524a7af390ea5071b400936c73e4ff C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-08-20 01:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\SoftwareDistribution\Download\cbdc1787b6b277961f5fc0d18aa5c3d2\sp1qfe\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2006-08-16 14:16 70656 7279695b154a49550f675a985265b00a C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2002-08-30 13:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 14:14 70656 93307e5f8389a7474511dc51165694e5 C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2002-08-30 13:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2002-08-30 13:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 20:17 1959424 d0a4b5f428873b73a75178605b6db10d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2003-09-19 21:41 1956736 f1cfcbe13662bad0be4a1b148b278b75 C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2002-08-30 13:00 1951488 4560381fa3425b16f5df1a0de4814de7 C:\WINDOWS\$NtUninstallq330512$\ntkrnlpa.exe
2002-12-12 13:23 1951872 27b4ee48cb189d2505d3ffd6226b770f C:\WINDOWS\$NtUninstallQ330909$\ntkrnlpa.exe
2003-02-05 11:28 1951872 c43bd608a00e80d499a660ae103f0fe3 C:\WINDOWS\$NtUninstallQ814545$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-20 01:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 20:17 2044416 131b4b0968e429b4221a7f0d8f0a26c7 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2003-09-19 21:41 2053120 c32f8d7489f3ba8d41301b7c37fc6c5c C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2002-08-30 13:00 2045824 f58b3ce36566d6061a496dc595a8aaa3 C:\WINDOWS\$NtUninstallq330512$\ntoskrnl.exe
2002-12-12 13:23 1928064 5a110215ad06d3a112937d60b4a95629 C:\WINDOWS\$NtUninstallQ330909$\ntoskrnl.exe
2003-02-05 11:28 1928064 43c9cb1c8a927912b0a70b3db67f0552 C:\WINDOWS\$NtUninstallQ814545$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-20 01:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-30 13:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2002-08-30 13:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2002-08-30 13:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2002-08-30 13:00 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:55 53248 6b4bf97957a0b8795811975d4bf1acfe C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2002-08-30 13:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2004-08-20 01:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2002-08-30 13:00 22528 f4127a2a00825c69a870035da1264ae0 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"wblogon"="C:\WINDOWS\system32\ubpr01.exe" [2008-08-14 17:29 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-04 11:44 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 18:38 368640]
"VTTimer"="VTTimer.exe" [2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
C:\Documents and Settings\MARION\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-05-15 18:13:10 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-16 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ASpyC - C:\Program Files\ASpyC\ASpyC.exe
HKCU-Run-Antivirus - C:\Program Files\UAV\uav.exe
HKLM-Run-Antivirus - C:\Program Files\UAV\uav.exe
SharedTaskScheduler-{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://internetsearchservice.com
R0 -: HKCU-Main,Start Page = hxxp://www.01net.com/telecharger/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Default_Page_URL = hxxp://www.01net.com/telecharger/
R0 -: HKLM-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Search Page = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Start Page = hxxp://www.01net.com/telecharger/
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
R0 -: HKLM-Search,SearchAssistant = hxxp://internetsearchservice.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} - file://C:\Documents and Settings\MARION\Local Settings\Temp\[u]0/uTFFKRG\frmeditor.ocx
C:\WINDOWS\Downloaded Program Files\frmeditor.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 11:54:07
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-08-16 12:03:20
ComboFix-quarantined-files.txt 2008-08-16 10:02:20
Pre-Run: 57,286,500,352 octets libres
Post-Run: 58,960,429,056 octets libres
266 --- E O F --- 2008-08-13 17:50:52
Ces saletés ont l'air d'avoir disparues... =)
ComboFix 08-08-14.05 - MARION 2008-08-16 11:44:49.1 - NTFSx86
Endroit: C:\Documents and Settings\MARION\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\MARION\Bureau\Ultimate Antivirus 2008.lnk
C:\Documents and Settings\MARION\Cookies\marion@ad.yieldmanager[1].txt
C:\Documents and Settings\MARION\Cookies\marion@advertising[1].txt
C:\Documents and Settings\MARION\Cookies\marion@advertstream[2].txt
C:\Documents and Settings\MARION\Cookies\marion@allposters[2].txt
C:\Documents and Settings\MARION\Cookies\marion@bluestreak[1].txt
C:\Documents and Settings\MARION\Cookies\marion@clickintext[2].txt
C:\Documents and Settings\MARION\Cookies\marion@clubdasgatas-videos.blogspot[1].txt
C:\Documents and Settings\MARION\Cookies\marion@edt02[2].txt
C:\Documents and Settings\MARION\Cookies\marion@ehg-dig.hitbox[2].txt
C:\Documents and Settings\MARION\Cookies\marion@fnac[1].txt
C:\Documents and Settings\MARION\Cookies\marion@fr.msn[2].txt
C:\Documents and Settings\MARION\Cookies\marion@geocompteur[1].txt
C:\Documents and Settings\MARION\Cookies\marion@hotbar[2].txt
C:\Documents and Settings\MARION\Cookies\marion@live[2].txt
C:\Documents and Settings\MARION\Cookies\marion@news.fr.msn[1].txt
C:\Documents and Settings\MARION\Cookies\marion@orange[1].txt
C:\Documents and Settings\MARION\Cookies\marion@pages[1].txt
C:\Documents and Settings\MARION\Cookies\marion@regie.espace-plus[1].txt
C:\Documents and Settings\MARION\Cookies\marion@serving-sys[2].txt
C:\Documents and Settings\MARION\Cookies\marion@skyregie[1].txt
C:\Documents and Settings\MARION\Cookies\marion@specificclick[2].txt
C:\Documents and Settings\MARION\Cookies\marion@sweetim[2].txt
C:\Documents and Settings\MARION\Cookies\marion@trafiz[2].txt
C:\Documents and Settings\MARION\Cookies\marion@www.cdiscount[1].txt
C:\Documents and Settings\MARION\Cookies\marion@www.clubic[1].txt
C:\Documents and Settings\MARION\Cookies\marion@youtube[1].txt
C:\Documents and Settings\MARION\Mes documents\My Documents.url
C:\Program Files\ASpyC
C:\Program Files\ASpyC\ASpyC.exe
C:\Program Files\UAV
C:\Program Files\UAV\uav.cpl
C:\Program Files\UAV\uav.exe
C:\Program Files\UAV\uav1.dat
C:\WINDOWS\system32\604262
C:\WINDOWS\system32\604262\604262.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ouhzw.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:44 . 2008-08-16 10:44 <REP> d-------- C:\Program Files\Trend Micro
2008-08-15 12:54 . 2008-08-08 10:45 166,912 --a------ C:\WINDOWS\system32\uav.cpl
2008-08-14 17:31 . 2008-08-16 10:53 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-14 17:29 . 2008-08-14 17:29 <REP> d-------- C:\Program Files\Applications
2008-08-14 17:29 . 2008-08-14 17:29 30,208 --a------ C:\WINDOWS\system32\ubpr01.exe
2008-08-13 17:14 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-17 19:55 . 2008-07-17 19:55 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-16 19:07 . 2008-07-17 18:40 <REP> d-------- C:\Documents and Settings\MARION\Application Data\ArcSoft
2008-07-16 19:01 . 2008-07-16 19:01 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Apple Computer
2008-07-16 19:00 . 2008-07-16 19:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-16 19:00 . 2008-07-16 19:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-16 18:59 . 2008-07-16 18:59 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Nikon
2008-07-16 18:58 . 2008-07-16 19:11 0 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLer.DAT
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Program Files\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-07-16 18:55 . 2008-07-16 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Effects
2008-07-16 18:55 . 2008-07-22 19:01 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-07-16 18:49 . 2008-07-16 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 18:48 . 2008-07-16 18:48 <REP> d-------- C:\Program Files\ArcSoft
2008-07-16 18:47 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 09:41 --------- d-----w C:\Program Files\Wanadoo
2008-08-11 13:09 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-16 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 07:12 --------- d-----w C:\Documents and Settings\MARION\Application Data\AdobeUM
2008-07-15 16:19 --------- d-----w C:\Documents and Settings\MARION\Application Data\VTC Preferences Folder
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
------- Sigcheck -------
2002-08-30 13:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2003-09-25 18:57 561152 78524a7af390ea5071b400936c73e4ff C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-08-20 01:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\SoftwareDistribution\Download\cbdc1787b6b277961f5fc0d18aa5c3d2\sp1qfe\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2006-08-16 14:16 70656 7279695b154a49550f675a985265b00a C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2002-08-30 13:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 14:14 70656 93307e5f8389a7474511dc51165694e5 C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2002-08-30 13:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2002-08-30 13:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 20:17 1959424 d0a4b5f428873b73a75178605b6db10d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2003-09-19 21:41 1956736 f1cfcbe13662bad0be4a1b148b278b75 C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2002-08-30 13:00 1951488 4560381fa3425b16f5df1a0de4814de7 C:\WINDOWS\$NtUninstallq330512$\ntkrnlpa.exe
2002-12-12 13:23 1951872 27b4ee48cb189d2505d3ffd6226b770f C:\WINDOWS\$NtUninstallQ330909$\ntkrnlpa.exe
2003-02-05 11:28 1951872 c43bd608a00e80d499a660ae103f0fe3 C:\WINDOWS\$NtUninstallQ814545$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-20 01:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 20:17 2044416 131b4b0968e429b4221a7f0d8f0a26c7 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2003-09-19 21:41 2053120 c32f8d7489f3ba8d41301b7c37fc6c5c C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2002-08-30 13:00 2045824 f58b3ce36566d6061a496dc595a8aaa3 C:\WINDOWS\$NtUninstallq330512$\ntoskrnl.exe
2002-12-12 13:23 1928064 5a110215ad06d3a112937d60b4a95629 C:\WINDOWS\$NtUninstallQ330909$\ntoskrnl.exe
2003-02-05 11:28 1928064 43c9cb1c8a927912b0a70b3db67f0552 C:\WINDOWS\$NtUninstallQ814545$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-20 01:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-30 13:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2002-08-30 13:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2002-08-30 13:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2002-08-30 13:00 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:55 53248 6b4bf97957a0b8795811975d4bf1acfe C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2002-08-30 13:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2004-08-20 01:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2002-08-30 13:00 22528 f4127a2a00825c69a870035da1264ae0 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"wblogon"="C:\WINDOWS\system32\ubpr01.exe" [2008-08-14 17:29 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-04 11:44 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 18:38 368640]
"VTTimer"="VTTimer.exe" [2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
C:\Documents and Settings\MARION\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-05-15 18:13:10 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-16 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ASpyC - C:\Program Files\ASpyC\ASpyC.exe
HKCU-Run-Antivirus - C:\Program Files\UAV\uav.exe
HKLM-Run-Antivirus - C:\Program Files\UAV\uav.exe
SharedTaskScheduler-{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://internetsearchservice.com
R0 -: HKCU-Main,Start Page = hxxp://www.01net.com/telecharger/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Default_Page_URL = hxxp://www.01net.com/telecharger/
R0 -: HKLM-Main,Default_Search_URL = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Search Page = hxxp://internetsearchservice.com
R0 -: HKLM-Main,Start Page = hxxp://www.01net.com/telecharger/
R0 -: HKLM-Main,Search Bar = hxxp://internetsearchservice.com/ie6.html
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com
R0 -: HKLM-Search,SearchAssistant = hxxp://internetsearchservice.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} - file://C:\Documents and Settings\MARION\Local Settings\Temp\[u]0/uTFFKRG\frmeditor.ocx
C:\WINDOWS\Downloaded Program Files\frmeditor.ocx
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 11:54:07
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-08-16 12:03:20
ComboFix-quarantined-files.txt 2008-08-16 10:02:20
Pre-Run: 57,286,500,352 octets libres
Post-Run: 58,960,429,056 octets libres
266 --- E O F --- 2008-08-13 17:50:52
Ces saletés ont l'air d'avoir disparues... =)
Copie le texte ci-dessous :
File::
C:\WINDOWS\system32\ubpr01.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wblogon"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
File::
C:\WINDOWS\system32\ubpr01.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wblogon"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
Rapport Combofix:
ComboFix 08-08-14.05 - MARION 2008-08-16 14:09:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.28 [GMT 2:00]
Endroit: C:\Documents and Settings\MARION\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MARION\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
FILE ::
C:\WINDOWS\system32\ubpr01.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\MARION\Cookies\marion@orange[1].txt
C:\Documents and Settings\MARION\Cookies\marion@tradedoubler[1].txt
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:44 . 2008-08-16 10:44 <REP> d-------- C:\Program Files\Trend Micro
2008-08-15 12:54 . 2008-08-08 10:45 166,912 --a------ C:\WINDOWS\system32\uav.cpl
2008-08-14 17:31 . 2008-08-16 10:53 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-14 17:29 . 2008-08-14 17:29 <REP> d-------- C:\Program Files\Applications
2008-08-13 17:14 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-17 19:55 . 2008-07-17 19:55 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-16 19:07 . 2008-07-17 18:40 <REP> d-------- C:\Documents and Settings\MARION\Application Data\ArcSoft
2008-07-16 19:01 . 2008-07-16 19:01 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Apple Computer
2008-07-16 19:00 . 2008-07-16 19:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-16 19:00 . 2008-07-16 19:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-16 18:59 . 2008-07-16 18:59 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Nikon
2008-07-16 18:58 . 2008-07-16 19:11 0 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLer.DAT
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Program Files\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-07-16 18:55 . 2008-07-16 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Effects
2008-07-16 18:55 . 2008-07-22 19:01 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-07-16 18:49 . 2008-07-16 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 18:48 . 2008-07-16 18:48 <REP> d-------- C:\Program Files\ArcSoft
2008-07-16 18:47 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 12:20 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-16 12:05 --------- d-----w C:\Program Files\Wanadoo
2008-08-11 13:09 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-16 16:54 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-16 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 07:12 --------- d-----w C:\Documents and Settings\MARION\Application Data\AdobeUM
2008-07-15 16:19 --------- d-----w C:\Documents and Settings\MARION\Application Data\VTC Preferences Folder
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
------- Sigcheck -------
2002-08-30 13:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2003-09-25 18:57 561152 78524a7af390ea5071b400936c73e4ff C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-08-20 01:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\SoftwareDistribution\Download\cbdc1787b6b277961f5fc0d18aa5c3d2\sp1qfe\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2006-08-16 14:16 70656 7279695b154a49550f675a985265b00a C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2002-08-30 13:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 14:14 70656 93307e5f8389a7474511dc51165694e5 C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2002-08-30 13:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2002-08-30 13:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 20:17 1959424 d0a4b5f428873b73a75178605b6db10d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2003-09-19 21:41 1956736 f1cfcbe13662bad0be4a1b148b278b75 C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2002-08-30 13:00 1951488 4560381fa3425b16f5df1a0de4814de7 C:\WINDOWS\$NtUninstallq330512$\ntkrnlpa.exe
2002-12-12 13:23 1951872 27b4ee48cb189d2505d3ffd6226b770f C:\WINDOWS\$NtUninstallQ330909$\ntkrnlpa.exe
2003-02-05 11:28 1951872 c43bd608a00e80d499a660ae103f0fe3 C:\WINDOWS\$NtUninstallQ814545$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-20 01:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 20:17 2044416 131b4b0968e429b4221a7f0d8f0a26c7 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2003-09-19 21:41 2053120 c32f8d7489f3ba8d41301b7c37fc6c5c C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2002-08-30 13:00 2045824 f58b3ce36566d6061a496dc595a8aaa3 C:\WINDOWS\$NtUninstallq330512$\ntoskrnl.exe
2002-12-12 13:23 1928064 5a110215ad06d3a112937d60b4a95629 C:\WINDOWS\$NtUninstallQ330909$\ntoskrnl.exe
2003-02-05 11:28 1928064 43c9cb1c8a927912b0a70b3db67f0552 C:\WINDOWS\$NtUninstallQ814545$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-20 01:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-30 13:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2002-08-30 13:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2002-08-30 13:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2002-08-30 13:00 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:55 53248 6b4bf97957a0b8795811975d4bf1acfe C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2002-08-30 13:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2004-08-20 01:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2002-08-30 13:00 22528 f4127a2a00825c69a870035da1264ae0 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-04 11:44 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 18:38 368640]
"VTTimer"="VTTimer.exe" [2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
C:\Documents and Settings\MARION\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-05-15 18:13:10 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 09:48]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 20:25]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 14:19:07
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-08-16 14:29:38
ComboFix-quarantined-files.txt 2008-08-16 12:29:28
ComboFix2.txt 2008-08-16 11:17:37
ComboFix3.txt 2008-08-16 10:03:22
Pre-Run: 58,943,684,608 octets libres
Post-Run: 58,931,580,928 octets libres
225 --- E O F --- 2008-08-13 17:50:52
Rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:52, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} (FormelEditor Control) - file://C:\Documents and Settings\MARION\Local Settings\Temp\0TFFKRG\frmeditor.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
ComboFix 08-08-14.05 - MARION 2008-08-16 14:09:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.28 [GMT 2:00]
Endroit: C:\Documents and Settings\MARION\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\MARION\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
FILE ::
C:\WINDOWS\system32\ubpr01.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\MARION\Cookies\marion@orange[1].txt
C:\Documents and Settings\MARION\Cookies\marion@tradedoubler[1].txt
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-16 10:44 . 2008-08-16 10:44 <REP> d-------- C:\Program Files\Trend Micro
2008-08-15 12:54 . 2008-08-08 10:45 166,912 --a------ C:\WINDOWS\system32\uav.cpl
2008-08-14 17:31 . 2008-08-16 10:53 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-14 17:29 . 2008-08-14 17:29 <REP> d-------- C:\Program Files\Applications
2008-08-13 17:14 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-17 19:55 . 2008-07-17 19:55 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-16 19:07 . 2008-07-17 18:40 <REP> d-------- C:\Documents and Settings\MARION\Application Data\ArcSoft
2008-07-16 19:01 . 2008-07-16 19:01 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Apple Computer
2008-07-16 19:00 . 2008-07-16 19:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-16 19:00 . 2008-07-16 19:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-16 18:59 . 2008-07-16 18:59 <REP> d-------- C:\Documents and Settings\MARION\Application Data\Nikon
2008-07-16 18:58 . 2008-07-16 19:11 0 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLer.DAT
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
2008-07-16 18:56 . 2008-07-16 18:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Program Files\Nikon
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-07-16 18:55 . 2008-07-16 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-07-16 18:55 . 2008-07-16 18:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Effects
2008-07-16 18:55 . 2008-07-22 19:01 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-07-16 18:49 . 2008-07-16 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 18:48 . 2008-07-16 18:48 <REP> d-------- C:\Program Files\ArcSoft
2008-07-16 18:47 . 2008-07-16 18:56 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 12:20 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-16 12:05 --------- d-----w C:\Program Files\Wanadoo
2008-08-11 13:09 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-16 16:54 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-16 16:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 07:12 --------- d-----w C:\Documents and Settings\MARION\Application Data\AdobeUM
2008-07-15 16:19 --------- d-----w C:\Documents and Settings\MARION\Application Data\VTC Preferences Folder
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
------- Sigcheck -------
2002-08-30 13:00 12800 333a4db8410d8e24db06d6aebecdc7c2 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-20 01:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\svchost.exe
2004-08-19 17:10 14336 2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2003-09-25 18:57 561152 78524a7af390ea5071b400936c73e4ff C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-19 17:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-08-20 01:09 578048 61c8c283ad063bb697ae61a155c64a5a C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\user32.dll
2005-03-02 20:21 562176 6eef91ad23c3474c934174d11c6da321 C:\WINDOWS\SoftwareDistribution\Download\cbdc1787b6b277961f5fc0d18aa5c3d2\sp1qfe\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll
2006-08-16 14:16 70656 7279695b154a49550f675a985265b00a C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2002-08-30 13:00 75264 20c6d9f9522dda0f9a8e4b8641ca9245 C:\WINDOWS\$NtUninstallKB914388_0$\ws2_32.dll
2006-05-19 14:14 70656 93307e5f8389a7474511dc51165694e5 C:\WINDOWS\$NtUninstallKB922819_0$\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2004-08-20 01:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ws2_32.dll
2004-08-19 17:09 82944 eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
2002-08-30 13:00 520704 71820bc9ee6653c8748922459dfc384d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\winlogon.exe
2004-08-19 17:10 506368 123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
2002-08-30 13:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-04 08:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-04 08:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
2005-03-02 20:13 2059008 5311776074b6c13f983dc75baeac9c0c C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-02 20:17 1959424 d0a4b5f428873b73a75178605b6db10d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2003-09-19 21:41 1956736 f1cfcbe13662bad0be4a1b148b278b75 C:\WINDOWS\$NtUninstallKB890859_0$\ntkrnlpa.exe
2005-03-02 20:07 2058880 73fa9c95d235844a36968c7852c7dbdd C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2002-08-30 13:00 1951488 4560381fa3425b16f5df1a0de4814de7 C:\WINDOWS\$NtUninstallq330512$\ntkrnlpa.exe
2002-12-12 13:23 1951872 27b4ee48cb189d2505d3ffd6226b770f C:\WINDOWS\$NtUninstallQ330909$\ntkrnlpa.exe
2003-02-05 11:28 1951872 c43bd608a00e80d499a660ae103f0fe3 C:\WINDOWS\$NtUninstallQ814545$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-19 17:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-08-20 01:04 2058880 f252fae094c54572ece38a039f2103c4 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
2005-03-02 20:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-02 20:17 2044416 131b4b0968e429b4221a7f0d8f0a26c7 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2003-09-19 21:41 2053120 c32f8d7489f3ba8d41301b7c37fc6c5c C:\WINDOWS\$NtUninstallKB890859_0$\ntoskrnl.exe
2005-03-02 20:08 2181376 63729dd0f2aae36cc52b89c05505146c C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2002-08-30 13:00 2045824 f58b3ce36566d6061a496dc595a8aaa3 C:\WINDOWS\$NtUninstallq330512$\ntoskrnl.exe
2002-12-12 13:23 1928064 5a110215ad06d3a112937d60b4a95629 C:\WINDOWS\$NtUninstallQ330909$\ntoskrnl.exe
2003-02-05 11:28 1928064 43c9cb1c8a927912b0a70b3db67f0552 C:\WINDOWS\$NtUninstallQ814545$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-19 17:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-08-20 01:04 2183040 7d38ce4398e6aa6339b4644feadcc0d8 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-30 13:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-19 17:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
2002-08-30 13:00 101888 fc0691097471ee374907e1024edcbd43 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\ServicePackFiles\i386\services.exe
2004-08-20 01:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\services.exe
2004-08-19 17:10 108544 63dcde1a0d86eeb8924d6738ff616ead C:\WINDOWS\system32\services.exe
2002-08-30 13:00 11776 b7b1c150aff59455db4df082815f88f5 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2004-08-20 01:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\lsass.exe
2004-08-19 17:09 13312 259af82a0932eea4f316f92db94707b6 C:\WINDOWS\system32\lsass.exe
2002-08-30 13:00 13312 2c856908ee61424238772508e9fbcbc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ctfmon.exe
2004-08-19 17:09 15360 64e41e8fee655b03e3f19ded21ba5118 C:\WINDOWS\system32\ctfmon.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:55 53248 6b4bf97957a0b8795811975d4bf1acfe C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2002-08-30 13:00 51200 b1ce5287f096895d9be26eb86f4d5faf C:\WINDOWS\$NtUninstallKB896423_0$\spoolsv.exe
2004-08-19 17:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2004-08-20 01:10 57856 df9fc62ad51cb082b0ae371919a232cb C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2002-08-30 13:00 22528 f4127a2a00825c69a870035da1264ae0 C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\userinit.exe
2004-08-19 17:10 25088 84717891f0734c611721f56c60b5fbc3 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-04 11:44 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 18:38 368640]
"VTTimer"="VTTimer.exe" [2003-05-07 16:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
C:\Documents and Settings\MARION\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-05-15 18:13:10 479232]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 09:48]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 19:50]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 20:25]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 14:19:07
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Temps d'accomplissement: 2008-08-16 14:29:38
ComboFix-quarantined-files.txt 2008-08-16 12:29:28
ComboFix2.txt 2008-08-16 11:17:37
ComboFix3.txt 2008-08-16 10:03:22
Pre-Run: 58,943,684,608 octets libres
Post-Run: 58,931,580,928 octets libres
225 --- E O F --- 2008-08-13 17:50:52
Rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:52, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://internetsearchservice.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://internetsearchservice.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0427F569-3D57-4F10-B9FB-8D71A6A7BE24} (FormelEditor Control) - file://C:\Documents and Settings\MARION\Local Settings\Temp\0TFFKRG\frmeditor.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
réouvre hijackthis
fais scan only
coches ces lignes :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
tu les coches et tu clic sur fix chekced
ensuite :
-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):
http://download.piriform.com/ccsetup210.exe
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-> Tuto : https://www.malekal.com/tutoriel-ccleaner/
ensuite :
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
et fais ceci :
Désactive et réactive ta restauration system
Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924
fais scan only
coches ces lignes :
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
tu les coches et tu clic sur fix chekced
ensuite :
-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):
http://download.piriform.com/ccsetup210.exe
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-> Tuto : https://www.malekal.com/tutoriel-ccleaner/
ensuite :
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
et fais ceci :
Désactive et réactive ta restauration system
Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924
Pardon pour le retard !
Voici le rapport:
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\MARION\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\MARION\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\MARION\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\MARION\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\MARION\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\MARION\Bureau\ComboFix.exe: Erreur de suppression !
C:\Documents and Settings\MARION\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\MARION\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Voici le rapport:
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\MARION\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\MARION\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\MARION\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\MARION\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\MARION\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\MARION\Bureau\ComboFix.exe: Erreur de suppression !
C:\Documents and Settings\MARION\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\MARION\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
si tu n as pas d autres soucis change le statut du sujet en resolu stp
http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
