Hijack report

paulo48 Posts 5 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello jlpjlp, I did run option 2 of Navilog; it started and then nothing more? I'm sending you the HijackThis report. My computer is working fine, but I need the expert's opinion to see whether anything else still needs to be done. Have a good afternoon, and thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:48, on 27/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\documents and settings\paulo\local settings\application data\syuuo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/portail/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbso.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [syuuo] "c:\documents and settings\paulo\local settings\application data\syuuo.exe" syuuo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217658048840&h=077b091930f062ff168abf810b467012/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: esuimgd32 - C:\WINDOWS\SYSTEM32\esuimgd32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

3 replies

jlpjlp Posts 52399 Status Security contributor 5 040

OK
stay in this thread this time and don't switch again
thanks

_________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

When it finishes, it will produce a report at C:\ComboFix.txt

Re-enable your firewall, your antivirus, and your antispyware's guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. Doing so could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

______________

Download Toolbar SD and paste a report using option 1

https://www.sendspace.com/file/hs97kv
jacques.gache Posts 34829 Status Security contributor 1 618

Good evening jlpjlp, I believe this is what you're waiting for; I took the liberty of pasting it for you.
It comes from HERE

ComboFix 08-08-26.03 - Paulo 2008-08-27 15:48:06.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2217 [GMT 2:00]
Endroit: C:\Documents and Settings\Paulo\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo.dat
C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo.exe
C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo_nav.dat
C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo_navps.dat
C:\InfoSat.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\10172890.exe
C:\WINDOWS\system32\drivers\downld\10199953.exe
C:\WINDOWS\system32\drivers\downld\10209234.exe
C:\WINDOWS\system32\drivers\downld\10267718.exe
C:\WINDOWS\system32\drivers\downld\171562.exe
C:\WINDOWS\system32\drivers\downld\172359.exe
C:\WINDOWS\system32\drivers\downld\181968.exe
C:\WINDOWS\system32\drivers\downld\187859.exe
C:\WINDOWS\system32\drivers\downld\190140.exe
C:\WINDOWS\system32\drivers\downld\224234.exe
C:\WINDOWS\system32\drivers\downld\246812.exe
C:\WINDOWS\system32\drivers\downld\255703.exe
C:\WINDOWS\system32\drivers\downld\32215859.exe
C:\WINDOWS\system32\drivers\downld\32217312.exe
C:\WINDOWS\system32\drivers\downld\32260140.exe
C:\WINDOWS\system32\drivers\downld\32265703.exe
C:\WINDOWS\system32\drivers\downld\32268421.exe
C:\WINDOWS\system32\drivers\downld\32304593.exe
C:\WINDOWS\system32\drivers\downld\32325359.exe
C:\WINDOWS\system32\drivers\downld\32334156.exe
C:\WINDOWS\system32\drivers\downld\526890.exe
C:\WINDOWS\system32\drivers\downld\9603796.exe
C:\WINDOWS\system32\drivers\downld\9604953.exe
C:\WINDOWS\system32\drivers\downld\9797609.exe
C:\WINDOWS\system32\drivers\downld\9819296.exe
C:\WINDOWS\system32\drivers\downld\9820203.exe
C:\WINDOWS\system32\drivers\downld\9857140.exe
C:\WINDOWS\system32\drivers\downld\9857890.exe
C:\WINDOWS\system32\netwbix32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Service_asc3550p

((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 10:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 23:28 . 2008-08-26 23:28 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-08-26 21:29 . 2008-08-26 21:29 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-26 20:59 . 2008-08-27 12:01 <REP> d-------- C:\Program Files\Navilog1
2008-08-26 13:47 . 2008-08-27 13:46 <REP> d--h----- C:\$AVG8.VAULT$
2008-08-26 13:03 . 2008-08-26 13:03 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-26 13:03 . 2008-08-26 13:03 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-26 13:02 . 2008-08-27 12:56 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-26 13:02 . 2008-08-26 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-26 13:02 . 2008-08-26 13:02 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-26 12:59 . 2008-08-26 12:59 <REP> d-------- C:\Program Files\AVG
2008-08-26 12:16 . 2008-08-26 12:16 <REP> d-------- C:\Program Files\Trend Micro
2008-08-25 11:04 . 2008-08-25 11:04 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-08-25 10:56 . 2008-08-27 12:15 <REP> d-------- C:\Muestras
2008-08-25 00:57 . 2008-08-25 01:20 <REP> d-------- C:\Program Files\Bubble Shooter Premium Edition
2008-08-23 19:21 . 2008-08-24 01:12 <REP> d-------- C:\Documents and Settings\Paulo\Application Data\Azureus
2008-08-23 19:21 . 2008-08-23 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-22 18:58 . 2008-08-24 18:05 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-08-22 18:31 . 2008-08-22 18:48 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-08-20 22:57 . 2008-08-20 23:00 <REP> d-------- C:\WINDOWS\UbiSoft
2008-08-20 22:57 . 2008-08-20 22:57 <REP> d-------- C:\Program Files\Ubi Soft
2008-08-20 22:47 . 2008-08-20 22:49 <REP> d-------- C:\Program Files\VGP2
2008-08-19 20:50 . 2008-08-20 03:48 230,424 --a------ C:\img2-001.raw
2008-08-17 13:14 . 2008-08-17 13:14 <REP> d-------- C:\Program Files\directx
2008-08-17 09:36 . 2008-08-17 09:36 268 --ah----- C:\sqmdata02.sqm
2008-08-17 09:36 . 2008-08-17 09:36 244 --ah----- C:\sqmnoopt02.sqm
2008-08-16 16:09 . 1999-10-04 15:19 1,167,474 --a------ C:\Program Files\CCBillard.exe
2008-08-16 16:09 . 1999-08-28 12:18 64 --a------ C:\Program Files\reset.bat
2008-08-16 15:20 . 2008-08-16 15:20 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 15:20 . 2008-08-16 15:20 232 --ah----- C:\sqmdata00.sqm
2008-08-16 15:20 . 2008-08-16 15:20 172 --ah----- C:\sqmnoopt01.sqm
2008-08-16 15:20 . 2008-08-16 15:20 172 --ah----- C:\sqmdata01.sqm
2008-08-16 10:37 . 2008-08-16 10:37 <REP> d-------- C:\capbreton 2008
2008-08-15 08:54 . 2008-04-14 04:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 18:33 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 17:04 . 2008-08-12 17:04 <REP> d-------- C:\Program Files\Your Company Name
2008-08-12 09:32 . 2008-08-12 21:09 32 --a------ C:\WINDOWS\[u]0/u
2008-08-12 09:32 . 2008-08-12 09:32 0 --a------ C:\WINDOWS\system32\[u]0/u
2008-08-09 21:19 . 2008-08-09 21:19 <REP> d-------- C:\Program Files\IVT Corporation
2008-08-09 20:48 . 2008-04-13 20:54 88,192 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-08-09 20:48 . 2008-04-13 20:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-08-09 20:48 . 2001-08-17 21:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-08-09 20:48 . 2001-08-17 21:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-08-09 20:47 . 2001-08-17 21:49 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2008-08-09 20:47 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2008-08-09 20:24 . 2008-08-13 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-09 20:10 . 2008-04-14 04:34 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-09 20:10 . 2008-04-14 04:34 153,088 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-09 20:10 . 2008-04-14 04:33 29,184 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-09 20:10 . 2008-04-14 04:33 29,184 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-09 20:10 . 2008-04-14 04:33 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-09 20:10 . 2008-04-14 04:33 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-09 17:20 . 2008-08-10 10:44 <REP> d-------- C:\Program Files\FaceOnBody
2008-08-04 11:55 . 2008-08-04 12:08 <REP> d-------- C:\Program Files\Free Download Manager
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\WINDOWS\Sun
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\Program Files\Sun
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\Program Files\Java
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-02 08:19 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-02 08:05 . 2008-08-02 08:05 <REP> d-------- C:\Program Files\Skype
2008-08-02 08:05 . 2008-08-02 08:05 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-08-02 08:05 . 2008-08-27 15:52 <REP> d-------- C:\Documents and Settings\Paulo\Application Data\Skype
2008-08-01 15:46 . 2008-08-01 15:46 1,717,848 --a------ C:\WINDOWS\system32\skype4com.dll
2008-07-31 20:45 . 2008-07-31 20:45 20,616 --a------ C:\WINDOWS\system32\drivers\BtHidBus.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 08:05 --------- d-----w C:\Documents and Settings\Paulo\Application Data\skypePM
2008-08-26 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-26 21:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-26 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-25 01:29 --------- d-----w C:\Program Files\eMule
2008-08-22 19:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 20:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-17 18:14 --------- d-----w C:\Program Files\Absolutist.com
2008-08-17 18:13 --------- d-----w C:\Program Files\Absolutist_Games
2008-08-16 14:09 382,264 ----a-w C:\Program Files\DelCPLUS.isu
2008-08-16 14:09 --------- d-----w C:\Program Files\Textures
2008-08-16 14:09 --------- d-----w C:\Program Files\Pts_Artistique
2008-08-16 14:09 --------- d-----w C:\Program Files\Divers
2008-08-16 14:09 --------- d-----w C:\Program Files\Demos_Simulation
2008-08-16 14:09 --------- d-----w C:\Program Files\Bitmaps_Nat
2008-08-16 14:09 --------- d-----w C:\Program Files\Bitmaps_Int
2008-08-16 14:09 --------- d-----w C:\Program Files\Arcade
2008-08-12 12:41 --------- d-----w C:\Program Files\Zattoo
2008-08-11 02:17 --------- d-----w C:\Program Files\IncrediMail
2008-08-10 13:40 --------- d-----w C:\Program Files\Free Easy Burner
2008-08-10 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 14:38 --------- d-----w C:\Program Files\Google
2008-08-02 06:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-26 21:23 --------- d-----w C:\Documents and Settings\Paulo\Application Data\ArcSoft
2008-07-25 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-25 06:34 --------- d-----w C:\Program Files\PopCap Games
2008-07-25 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-24 21:00 --------- d-----w C:\Program Files\GoodWay202Free
2008-07-24 13:52 --------- d-----w C:\Program Files\free-downloads.net
2008-07-24 13:52 --------- d-----w C:\Program Files\Conduit
2008-07-24 13:52 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-24 13:50 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-22 06:43 --------- d-----w C:\Program Files\Joueurs
2008-07-22 00:36 --------- d-----w C:\Program Files\Points
2008-07-22 00:36 --------- d-----w C:\Program Files\Objets3D
2008-07-21 23:20 --------- d-----w C:\Program Files\CANAL+
2008-07-21 20:30 --------- d-----w C:\Program Files\Microsoft Games
2008-07-21 06:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2008-07-17 16:36 --------- d-----w C:\Program Files\Ludi
2008-07-16 20:42 --------- d-----w C:\Program Files\Eidos Interactive
2008-07-13 06:14 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-07-13 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-07-06 17:02 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-07-06 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-07-06 15:28 --------- d-----w C:\Program Files\ma-config.com
2008-07-06 09:47 --------- d-----w C:\Documents and Settings\Paulo\Application Data\KompoZer
2008-07-02 12:58 26,248 ----a-w C:\WINDOWS\system32\drivers\IvtBtBus.sys
2008-06-29 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SymplisIT
2008-06-29 11:10 --------- d-----w C:\Program Files\SymplisIT
2008-06-29 06:28 --------- d-----w C:\Program Files\inKline Global
2008-06-01 22:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
1999-09-20 22:07 14,393 ----a-w C:\Program Files\LisezMoi.txt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Absolutist_Games\tbAbso.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]
"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-07-23 14:11 21738792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-04 16:38 29744]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-26 13:02 1177368]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-08-26 23:28 190024]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\esuimgd32]
2004-08-24 22:07 13312 C:\WINDOWS\system32\esuimgd32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Paulo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Paulo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 14:22 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 16:15 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-01-13 03:48 275800 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a--c--- 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra--c--- 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-12-06 01:38 707360 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 17:33 16132608 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo2.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1335:TCP"= 1335:TCP:messenger
"3478:TCP"= 3478:TCP:messenger

R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-07-31 20:45]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-26 13:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-26 13:02]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-26 13:02]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-26 13:03]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 00:13]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-09-18 15:08]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 01:39]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-04 16:38]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-07-02 14:58]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a37a1e-5987-11dd-b398-001a9269e5d3}]
\Shell\AutoRun\command - I:\DATA\AUTORUN\AUTORUN.EXE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-08-22 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-08-22 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-syuuo - c:\documents and settings\paulo\local settings\application data\syuuo.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\82xbav3p.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 15:51:48
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-27 15:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 13:55:22

Pre-Run: 192,539,824,128 octets libres
Post-Run: 192,486,465,536 octets libres

366 --- E O F --- 2008-08-25 15:00:06

Configuration: Windows XP
Internet Explorer 7.0
jlpjlp Messages posted 52399 Status Security contributor 5 040
 
ok thanks

* Download ELIBAGLA at the bottom of this page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button; this will download the file. Place it on your desktop.
* Double-click it to open it
* Make sure that C:\ is selected in the Unidad drop-down menu
* Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked
* Click the Explorar button to start the scan

_______________

download Toolbar SD and paste a report using option 1

https://www.sendspace.com/file/hs97kv