ComboFix report

Closed
paulo48 Posts 5 Status Member -
DeNisCoOl Posts 2871 Status Member -
Hello, jlpjlp, I hope I have sent it where it should go, thank you
http://www.commentcamarche.net/forum/affich 8119130 resultat rapport combofix#2008 08 27%2022%3A41%3A33

ComboFix 08-08-26.03 - Paulo 2008-08-27 15:48:06.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2217 [GMT 2:00]
Endroit: C:\Documents and Settings\Paulo\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo.dat
C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo.exe
C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo_nav.dat
C:\Documents and Settings\Paulo\Local Settings\Application Data\syuuo_navps.dat
C:\InfoSat.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\10172890.exe
C:\WINDOWS\system32\drivers\downld\10199953.exe
C:\WINDOWS\system32\drivers\downld\10209234.exe
C:\WINDOWS\system32\drivers\downld\10267718.exe
C:\WINDOWS\system32\drivers\downld\171562.exe
C:\WINDOWS\system32\drivers\downld\172359.exe
C:\WINDOWS\system32\drivers\downld\181968.exe
C:\WINDOWS\system32\drivers\downld\187859.exe
C:\WINDOWS\system32\drivers\downld\190140.exe
C:\WINDOWS\system32\drivers\downld\224234.exe
C:\WINDOWS\system32\drivers\downld\246812.exe
C:\WINDOWS\system32\drivers\downld\255703.exe
C:\WINDOWS\system32\drivers\downld\32215859.exe
C:\WINDOWS\system32\drivers\downld\32217312.exe
C:\WINDOWS\system32\drivers\downld\32260140.exe
C:\WINDOWS\system32\drivers\downld\32265703.exe
C:\WINDOWS\system32\drivers\downld\32268421.exe
C:\WINDOWS\system32\drivers\downld\32304593.exe
C:\WINDOWS\system32\drivers\downld\32325359.exe
C:\WINDOWS\system32\drivers\downld\32334156.exe
C:\WINDOWS\system32\drivers\downld\526890.exe
C:\WINDOWS\system32\drivers\downld\9603796.exe
C:\WINDOWS\system32\drivers\downld\9604953.exe
C:\WINDOWS\system32\drivers\downld\9797609.exe
C:\WINDOWS\system32\drivers\downld\9819296.exe
C:\WINDOWS\system32\drivers\downld\9820203.exe
C:\WINDOWS\system32\drivers\downld\9857140.exe
C:\WINDOWS\system32\drivers\downld\9857890.exe
C:\WINDOWS\system32\netwbix32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3550P
-------\Service_asc3550p

((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 10:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-26 23:28 . 2008-08-26 23:28 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-08-26 21:29 . 2008-08-26 21:29 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-26 20:59 . 2008-08-27 12:01 <REP> d-------- C:\Program Files\Navilog1
2008-08-26 13:47 . 2008-08-27 13:46 <REP> d--h----- C:\$AVG8.VAULT$
2008-08-26 13:03 . 2008-08-26 13:03 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-26 13:03 . 2008-08-26 13:03 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-26 13:02 . 2008-08-27 12:56 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-26 13:02 . 2008-08-26 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-26 13:02 . 2008-08-26 13:02 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-26 12:59 . 2008-08-26 12:59 <REP> d-------- C:\Program Files\AVG
2008-08-26 12:16 . 2008-08-26 12:16 <REP> d-------- C:\Program Files\Trend Micro
2008-08-25 11:04 . 2008-08-25 11:04 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-08-25 10:56 . 2008-08-27 12:15 <REP> d-------- C:\Muestras
2008-08-25 00:57 . 2008-08-25 01:20 <REP> d-------- C:\Program Files\Bubble Shooter Premium Edition
2008-08-23 19:21 . 2008-08-24 01:12 <REP> d-------- C:\Documents and Settings\Paulo\Application Data\Azureus
2008-08-23 19:21 . 2008-08-23 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-22 18:58 . 2008-08-24 18:05 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-08-22 18:31 . 2008-08-22 18:48 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-08-20 22:57 . 2008-08-20 23:00 <REP> d-------- C:\WINDOWS\UbiSoft
2008-08-20 22:57 . 2008-08-20 22:57 <REP> d-------- C:\Program Files\Ubi Soft
2008-08-20 22:47 . 2008-08-20 22:49 <REP> d-------- C:\Program Files\VGP2
2008-08-19 20:50 . 2008-08-20 03:48 230,424 --a------ C:\img2-001.raw
2008-08-17 13:14 . 2008-08-17 13:14 <REP> d-------- C:\Program Files\directx
2008-08-17 09:36 . 2008-08-17 09:36 268 --ah----- C:\sqmdata02.sqm
2008-08-17 09:36 . 2008-08-17 09:36 244 --ah----- C:\sqmnoopt02.sqm
2008-08-16 16:09 . 1999-10-04 15:19 1,167,474 --a------ C:\Program Files\CCBillard.exe
2008-08-16 16:09 . 1999-08-28 12:18 64 --a------ C:\Program Files\reset.bat
2008-08-16 15:20 . 2008-08-16 15:20 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 15:20 . 2008-08-16 15:20 232 --ah----- C:\sqmdata00.sqm
2008-08-16 15:20 . 2008-08-16 15:20 172 --ah----- C:\sqmnoopt01.sqm
2008-08-16 15:20 . 2008-08-16 15:20 172 --ah----- C:\sqmdata01.sqm
2008-08-16 10:37 . 2008-08-16 10:37 <REP> d-------- C:\capbreton 2008
2008-08-15 08:54 . 2008-04-14 04:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 18:33 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 17:04 . 2008-08-12 17:04 <REP> d-------- C:\Program Files\Your Company Name
2008-08-12 09:32 . 2008-08-12 21:09 32 --a------ C:\WINDOWS\[u]0[/u]
2008-08-12 09:32 . 2008-08-12 09:32 0 --a------ C:\WINDOWS\system32\[u]0[/u]
2008-08-09 21:19 . 2008-08-09 21:19 <REP> d-------- C:\Program Files\IVT Corporation
2008-08-09 20:48 . 2008-04-13 20:54 88,192 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-08-09 20:48 . 2008-04-13 20:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-08-09 20:48 . 2001-08-17 21:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-08-09 20:48 . 2001-08-17 21:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2008-08-09 20:47 . 2001-08-17 21:49 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2008-08-09 20:47 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2008-08-09 20:24 . 2008-08-13 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-08-09 20:10 . 2008-04-14 04:34 153,088 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-09 20:10 . 2008-04-14 04:34 153,088 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-09 20:10 . 2008-04-14 04:33 29,184 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-09 20:10 . 2008-04-14 04:33 29,184 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-09 20:10 . 2008-04-14 04:33 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-09 20:10 . 2008-04-14 04:33 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-09 17:20 . 2008-08-10 10:44 <REP> d-------- C:\Program Files\FaceOnBody
2008-08-04 11:55 . 2008-08-04 12:08 <REP> d-------- C:\Program Files\Free Download Manager
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\WINDOWS\Sun
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\Program Files\Sun
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\Program Files\Java
2008-08-02 08:19 . 2008-08-02 08:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-02 08:19 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-02 08:05 . 2008-08-02 08:05 <REP> d-------- C:\Program Files\Skype
2008-08-02 08:05 . 2008-08-02 08:05 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-08-02 08:05 . 2008-08-27 15:52 <REP> d-------- C:\Documents and Settings\Paulo\Application Data\Skype
2008-08-01 15:46 . 2008-08-01 15:46 1,717,848 --a------ C:\WINDOWS\system32\skype4com.dll
2008-07-31 20:45 . 2008-07-31 20:45 20,616 --a------ C:\WINDOWS\system32\drivers\BtHidBus.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 08:05 --------- d-----w C:\Documents and Settings\Paulo\Application Data\skypePM
2008-08-26 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-26 21:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-26 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-25 01:29 --------- d-----w C:\Program Files\eMule
2008-08-22 19:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 20:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-17 18:14 --------- d-----w C:\Program Files\Absolutist.com
2008-08-17 18:13 --------- d-----w C:\Program Files\Absolutist_Games
2008-08-16 14:09 382,264 ----a-w C:\Program Files\DelCPLUS.isu
2008-08-16 14:09 --------- d-----w C:\Program Files\Textures
2008-08-16 14:09 --------- d-----w C:\Program Files\Pts_Artistique
2008-08-16 14:09 --------- d-----w C:\Program Files\Divers
2008-08-16 14:09 --------- d-----w C:\Program Files\Demos_Simulation
2008-08-16 14:09 --------- d-----w C:\Program Files\Bitmaps_Nat
2008-08-16 14:09 --------- d-----w C:\Program Files\Bitmaps_Int
2008-08-16 14:09 --------- d-----w C:\Program Files\Arcade
2008-08-12 12:41 --------- d-----w C:\Program Files\Zattoo
2008-08-11 02:17 --------- d-----w C:\Program Files\IncrediMail
2008-08-10 13:40 --------- d-----w C:\Program Files\Free Easy Burner
2008-08-10 05:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 14:38 --------- d-----w C:\Program Files\Google
2008-08-02 06:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-26 21:23 --------- d-----w C:\Documents and Settings\Paulo\Application Data\ArcSoft
2008-07-25 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-25 06:34 --------- d-----w C:\Program Files\PopCap Games
2008-07-25 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-24 21:00 --------- d-----w C:\Program Files\GoodWay202Free
2008-07-24 13:52 --------- d-----w C:\Program Files\free-downloads.net
2008-07-24 13:52 --------- d-----w C:\Program Files\Conduit
2008-07-24 13:52 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-24 13:50 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-22 06:43 --------- d-----w C:\Program Files\Joueurs
2008-07-22 00:36 --------- d-----w C:\Program Files\Points
2008-07-22 00:36 --------- d-----w C:\Program Files\Objets3D
2008-07-21 23:20 --------- d-----w C:\Program Files\CANAL+
2008-07-21 20:30 --------- d-----w C:\Program Files\Microsoft Games
2008-07-21 06:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Ahead
2008-07-17 16:36 --------- d-----w C:\Program Files\Ludi
2008-07-16 20:42 --------- d-----w C:\Program Files\Eidos Interactive
2008-07-13 06:14 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-07-13 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-07-06 17:02 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-07-06 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-07-06 15:28 --------- d-----w C:\Program Files\ma-config.com
2008-07-06 09:47 --------- d-----w C:\Documents and Settings\Paulo\Application Data\KompoZer
2008-07-02 12:58 26,248 ----a-w C:\WINDOWS\system32\drivers\IvtBtBus.sys
2008-06-29 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SymplisIT
2008-06-29 11:10 --------- d-----w C:\Program Files\SymplisIT
2008-06-29 06:28 --------- d-----w C:\Program Files\inKline Global
2008-06-01 22:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
1999-09-20 22:07 14,393 ----a-w C:\Program Files\LisezMoi.txt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Absolutist_Games\tbAbso.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]
"{631ac2d4-57b3-42b0-a148-da33b462c1a3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]
"{631AC2D4-57B3-42B0-A148-DA33B462C1A3}"= "C:\Program Files\Absolutist_Games\tbAbso.dll" [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{631ac2d4-57b3-42b0-a148-da33b462c1a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-07-23 14:11 21738792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-04 16:38 29744]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-26 13:02 1177368]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-08-26 23:28 190024]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 04:34 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\esuimgd32]
2004-08-24 22:07 13312 C:\WINDOWS\system32\esuimgd32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Paulo^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Paulo\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 14:22 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-02-16 16:15 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-01-13 03:48 275800 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a--c--- 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra--c--- 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-12-06 01:38 707360 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 17:33 16132608 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo2.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1335:TCP"= 1335:TCP:messenger
"3478:TCP"= 3478:TCP:messenger

R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-07-31 20:45]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-26 13:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-26 13:02]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-26 13:02]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-26 13:03]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 00:13]
R3 RTSTOR;USB Mass Stroage Device;C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-09-18 15:08]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 01:39]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-04 16:38]
S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-07-02 14:58]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a37a1e-5987-11dd-b398-001a9269e5d3}]
\Shell\AutoRun\command - I:\DATA\AUTORUN\AUTORUN.EXE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-22 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-08-22 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-08-22 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-syuuo - c:\documents and settings\paulo\local settings\application data\syuuo.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Paulo\Application Data\Mozilla\Firefox\Profiles\82xbav3p.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 15:51:48
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-27 15:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 13:55:22

Pre-Run: 192,539,824,128 octets libres
Post-Run: 192,486,465,536 octets libres

366 --- E O F --- 2008-08-25 15:00:06

1 reply

DeNisCoOl Posts 2871 Status Member 224

Hi paulo,

jlpjlp had already asked you not to create multiple posts, even though the site seems to have had some problems.
To help you, jacques.gache copied the reply into your post below:
http://www.commentcamarche.net/forum/affich 8106968 rapport hijck

Bye bye
-1