Win32:Agent-ABLQ [Trj]
Fermé
Soufcool
-
14 sept. 2008 à 21:52
hooligan63780 Messages postés 835 Date d'inscription lundi 25 août 2008 Statut Membre Dernière intervention 29 novembre 2008 - 14 sept. 2008 à 23:27
hooligan63780 Messages postés 835 Date d'inscription lundi 25 août 2008 Statut Membre Dernière intervention 29 novembre 2008 - 14 sept. 2008 à 23:27
A voir également:
- Win32:Agent-ABLQ [Trj]
- Puadimanager win32 ✓ - Forum Virus
- Trojan win32 - Forum Virus
- Win32:miscx-gen ✓ - Forum Linux / Unix
- Hacktool win32 autokms ✓ - Forum Virus
- Puadimanager win32/installcore ✓ - Forum Virus
5 réponses
hooligan63780
Messages postés
835
Date d'inscription
lundi 25 août 2008
Statut
Membre
Dernière intervention
29 novembre 2008
5
14 sept. 2008 à 21:55
14 sept. 2008 à 21:55
salut télécharge combofix (par sUBs) à cette adresse :
(c est le numéro 5 en bas de la page) : https://www.androidworld.fr/
et enregistre le sur le Bureau.
désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/
ensuite envois le rapport et refais un nouveau rapport hijackthis stp
(c est le numéro 5 en bas de la page) : https://www.androidworld.fr/
et enregistre le sur le Bureau.
désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/
ensuite envois le rapport et refais un nouveau rapport hijackthis stp
anthony5151
Messages postés
10573
Date d'inscription
vendredi 27 juin 2008
Statut
Contributeur sécurité
Dernière intervention
2 mars 2015
790
14 sept. 2008 à 21:59
14 sept. 2008 à 21:59
Bonjour,
** Pour suivre **
** Pour suivre **
Pour info, le lien que tu donnes pour le tutorial n'est plus valide (la page n'existe plus).
Voici le rapport généré par ComboFix :
ComboFix 08-09-14.01 - Soufcool 2008-09-14 22:58:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1740 [GMT 2:00]
Lancé depuis: C:\Users\Soufcool\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
.
2008-09-14 22:36 . 2008-09-14 22:36 <REP> d-------- C:\Program Files\Musicmatch
2008-09-14 20:16 . 2008-09-14 20:16 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Intel
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Searches
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Contacts
2008-09-14 20:15 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Dell
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Videos
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Saved Games
2008-09-14 20:14 . 2008-08-16 19:12 <REP> d-------- C:\Users\Sebcool\Roaming
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Pictures
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Music
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Links
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Downloads
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Documents
2008-09-14 20:14 . 2006-11-02 14:37 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Media Center Programs
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d--h----- C:\Users\Sebcool\AppData
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool
2008-09-09 22:29 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 22:29 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 22:29 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 22:29 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 22:29 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 22:29 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 22:29 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 22:29 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 22:29 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-02 00:06 . 2008-09-02 00:07 <REP> d-------- C:\Program Files\OpenOfficePortable
2008-08-30 17:07 . 2008-08-30 17:07 233 --a------ C:\Windows\System32\'
2008-08-30 17:02 . 2004-06-26 13:22 6,016 --a------ C:\Windows\System32\drivers\vnccom.SYS
2008-08-30 17:01 . 2005-06-10 22:02 12,800 --a------ C:\Windows\System32\vncdrv.dll
2008-08-30 17:01 . 2004-06-26 13:21 5,760 --a------ C:\Windows\System32\vnchelp.dll
2008-08-30 17:01 . 2004-06-26 13:22 4,736 --a------ C:\Windows\System32\drivers\vncdrv.sys
2008-08-30 16:14 . 2008-08-30 16:14 <REP> d-------- C:\Program Files\Age of Conan Quick Start
2008-08-28 22:58 . 2008-08-28 22:58 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-08-28 22:50 . 2008-08-28 22:50 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-08-26 19:51 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 19:51 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 19:51 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 19:51 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 19:51 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 19:51 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 19:51 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 19:51 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 19:51 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 23:13 . 2008-08-24 23:13 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\CyberLink
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\teamspeak2
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-24 11:34 . 2008-08-24 11:34 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-23 18:58 . 2008-08-23 18:58 <REP> dr-h----- C:\Users\Soufcool\AppData\Roaming\SecuROM
2008-08-23 14:54 . 2004-12-20 20:37 20,016 --------- C:\Windows\System32\drivers\pxhelp20.sys
2008-08-23 14:53 . 2008-08-23 14:56 <REP> d-------- C:\Program Files\Winamp
2008-08-23 14:53 . 2008-08-23 15:11 155 --a------ C:\Windows\winamp.ini
2008-08-23 14:01 . 2008-08-23 14:01 <REP> d-------- C:\temp
2008-08-23 13:46 . 2008-08-23 13:46 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\InstallShield
2008-08-23 12:55 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-23 12:54 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-23 12:26 . 2008-08-23 12:26 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\DAEMON Tools
2008-08-23 12:26 . 2008-08-23 12:26 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-23 10:56 . 2008-09-14 20:59 <REP> d-------- C:\INSTALL
2008-08-22 21:24 . 2008-09-14 16:01 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\skypePM
2008-08-22 21:12 . 2008-09-14 22:54 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Users\All Users\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\ProgramData\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Common Files\Skype
2008-08-22 18:53 . 2008-08-22 18:53 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\vlc
2008-08-22 18:44 . 2008-08-22 18:44 <REP> d-------- C:\Program Files\VideoLAN
2008-08-22 12:35 . 2008-08-22 12:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\Users\All Users\nvModes.dat
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\ProgramData\nvModes.dat
2008-08-22 10:44 . 2008-08-22 10:44 <REP> d-------- C:\Windows\nvtmpinst
2008-08-22 10:42 . 2008-08-22 10:42 <REP> d-------- C:\NVIDIA
2008-08-22 10:32 . 2008-08-22 10:34 28,124 --a------ C:\Users\Soufcool\AppData\Roaming\nvModes.dat
2008-08-22 10:20 . 2008-08-22 10:20 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Creative
2008-08-22 01:48 . 2008-09-05 21:51 137,656 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-22 01:48 . 2008-09-09 23:00 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-22 01:48 . 2008-08-22 12:49 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-22 01:48 . 2008-08-22 01:48 22,328 --a------ C:\Users\Soufcool\AppData\Roaming\PnkBstrK.sys
2008-08-22 01:48 . 2008-08-22 01:48 299 --a------ C:\Windows\game.ini
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\SystemRequirementsLab
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\Users\All Users\media center programs
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\ProgramData\media center programs
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\Users\All Users\Funcom
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\ProgramData\Funcom
2008-08-21 18:30 . 2008-08-21 18:30 <REP> d-------- C:\Program Files\Alwil Software
2008-08-21 18:30 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-21 18:19 . 2008-08-21 18:19 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Intel
2008-08-21 18:15 . 2008-08-21 18:21 <REP> d-------- C:\DOWNLOADS
2008-08-21 18:00 . 2008-09-07 11:25 <REP> d-------- C:\JEUX
2008-08-21 17:40 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 17:33 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-21 17:32 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-21 17:32 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Searches
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Contacts
2008-08-21 16:38 . 2008-08-21 16:38 <REP> d-------- C:\Users\Soufcool\Bluetooth Software
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Videos
2008-08-21 16:37 . 2008-09-02 00:25 <REP> dr------- C:\Users\Soufcool\Saved Games
2008-08-21 16:37 . 2008-08-16 19:12 <REP> d-------- C:\Users\Soufcool\Roaming
2008-08-21 16:37 . 2008-09-14 12:20 <REP> dr------- C:\Users\Soufcool\Pictures
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Music
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Links
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Downloads
2008-08-21 16:37 . 2008-09-14 13:57 <REP> dr------- C:\Users\Soufcool\Documents
2008-08-21 16:37 . 2006-11-02 14:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Media Center Programs
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Dell
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d--h----- C:\Users\Soufcool\AppData
2008-08-21 16:37 . 2008-09-05 21:13 <REP> d-------- C:\Users\Soufcool
2008-08-21 16:37 . 2008-08-21 16:37 720,896 --a------ C:\Windows\IMAPIShellExt.dll
2008-08-21 16:37 . 2008-08-21 16:37 81,920 --a------ C:\Windows\BurnImage.exe
2008-08-21 16:34 . 2008-08-21 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-17 03:55 . 2008-08-17 03:55 <REP> d-------- C:\Program Files\Synaptics
2008-08-17 03:54 . 2008-08-17 03:54 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-17 03:54 . 2008-08-17 03:54 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-17 03:54 . 2008-08-17 03:54 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-17 03:54 . 2008-08-17 03:54 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-17 03:53 . 2008-08-17 03:53 2,032,128 --a------ C:\Windows\System32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 15:50 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Modèles
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Favoris
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Documents
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Bureau
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Application Data
2008-08-21 14:34 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-02 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-02 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-07-02 92704]
C:\Users\Soufcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\Users\Sebcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-16 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-16 19:27 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ageofconan.exe]
"Debugger"="C:\Program Files\Age of Conan Quick Start\aoclaunch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{09BA8EB3-AF62-41C6-AA68-AF1AAD9888CB}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5988D471-DC0E-47EB-80AF-92FE1BCDE4B9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A6B934A0-82E3-4944-BB3D-55D9E0F4C710}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3E57AF78-D278-4107-9B5B-F42F4FB66C23}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{99105F93-B664-4062-BCC6-8230FA00262F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{671DC034-C9A8-42DE-A58F-EFC24FE68E03}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2143CB58-4D09-4944-872A-33296E6A0F1F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CEEE033B-9680-494F-86C4-C1B40B969AD8}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8DE662E6-5469-43EB-90E5-0F67BB33D226}"= UDP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{BB307440-3E3C-4CB2-A30A-D211A64E4B98}"= TCP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7801CF11-E74C-4EE8-B7C6-67C12367AC86}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29AAA1CF-96C9-4405-B8DF-9120979B6049}"= UDP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{811C07F1-C0F1-47BA-9603-8508C76462FA}"= TCP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E164334F-1AB2-4AAC-A868-DC7CDF1BCF4F}"= UDP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{F4CE319C-0BB1-4E98-A0AA-0CFBAE652584}"= TCP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"TCP Query User{7581FF24-4EE7-4BC9-8631-66E38D63C13E}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{EC8022FD-DD44-4B5A-8026-F5CF8056A06F}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{EF43351F-2C43-4CDE-900D-5E697479D1B2}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= UDP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"UDP Query User{EF5E3A78-5FD4-45A8-A71B-37FE8B54DB3A}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= TCP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"TCP Query User{FD2D6A06-1B24-4F5B-A65C-C29FAEA3AAF5}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= UDP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"UDP Query User{C33A67EA-EF9E-4196-9961-501809319756}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= TCP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"TCP Query User{0C1DB6F8-68A8-49DC-845E-556C30D4BC25}G:\\sauve d shuttle\\emule\\emule.exe"= UDP:G:\sauve d shuttle\emule\emule.exe:eMule
"UDP Query User{D7A8D122-9E33-40F1-BB42-9BD21EC5F09A}G:\\sauve d shuttle\\emule\\emule.exe"= TCP:G:\sauve d shuttle\emule\emule.exe:eMule
"{3961AA33-843C-4E69-A03E-5C0D1F46645C}"= UDP:16010:Forged Alliance
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b082fef-70fe-11dd-a579-001fe2da21d5}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Soufcool\AppData\Roaming\Mozilla\Firefox\Profiles\4gkch86d.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF -: plugin - C:\Users\Soufcool\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 23:00:31
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-14 23:01:30
ComboFix-quarantined-files.txt 2008-09-14 21:01:27
Avant-CF: 236,739,461,120 octets libres
AprŠs-CF: 237,211,262,976 octets libres
267 --- E O F --- 2008-09-10 00:26:30
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
Et voici le rapport généré par HiJackThis après le passage de ComboFix :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:11, on 14/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\INSTALL\UTILS\Jack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - S-1-5-21-3072910097-2753795572-4256524432-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Sebcool')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
Voici le rapport généré par ComboFix :
ComboFix 08-09-14.01 - Soufcool 2008-09-14 22:58:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1740 [GMT 2:00]
Lancé depuis: C:\Users\Soufcool\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
.
2008-09-14 22:36 . 2008-09-14 22:36 <REP> d-------- C:\Program Files\Musicmatch
2008-09-14 20:16 . 2008-09-14 20:16 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Intel
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Searches
2008-09-14 20:15 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Contacts
2008-09-14 20:15 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Dell
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Videos
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Saved Games
2008-09-14 20:14 . 2008-08-16 19:12 <REP> d-------- C:\Users\Sebcool\Roaming
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Pictures
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Music
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Links
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Downloads
2008-09-14 20:14 . 2008-09-14 20:15 <REP> dr------- C:\Users\Sebcool\Documents
2008-09-14 20:14 . 2006-11-02 14:37 <REP> d-------- C:\Users\Sebcool\AppData\Roaming\Media Center Programs
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d--h----- C:\Users\Sebcool\AppData
2008-09-14 20:14 . 2008-09-14 20:15 <REP> d-------- C:\Users\Sebcool
2008-09-09 22:29 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 22:29 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 22:29 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 22:29 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 22:29 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 22:29 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 22:29 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 22:29 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 22:29 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-02 00:06 . 2008-09-02 00:07 <REP> d-------- C:\Program Files\OpenOfficePortable
2008-08-30 17:07 . 2008-08-30 17:07 233 --a------ C:\Windows\System32\'
2008-08-30 17:02 . 2004-06-26 13:22 6,016 --a------ C:\Windows\System32\drivers\vnccom.SYS
2008-08-30 17:01 . 2005-06-10 22:02 12,800 --a------ C:\Windows\System32\vncdrv.dll
2008-08-30 17:01 . 2004-06-26 13:21 5,760 --a------ C:\Windows\System32\vnchelp.dll
2008-08-30 17:01 . 2004-06-26 13:22 4,736 --a------ C:\Windows\System32\drivers\vncdrv.sys
2008-08-30 16:14 . 2008-08-30 16:14 <REP> d-------- C:\Program Files\Age of Conan Quick Start
2008-08-28 22:58 . 2008-08-28 22:58 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-08-28 22:50 . 2008-08-28 22:50 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-08-26 19:51 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 19:51 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 19:51 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 19:51 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 19:51 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 19:51 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 19:51 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 19:51 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 19:51 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 23:13 . 2008-08-24 23:13 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\CyberLink
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-24 20:50 . 2008-08-24 20:50 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\teamspeak2
2008-08-24 11:34 . 2008-08-24 11:34 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-08-24 11:34 . 2008-08-24 11:34 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-23 18:58 . 2008-08-23 18:58 <REP> dr-h----- C:\Users\Soufcool\AppData\Roaming\SecuROM
2008-08-23 14:54 . 2004-12-20 20:37 20,016 --------- C:\Windows\System32\drivers\pxhelp20.sys
2008-08-23 14:53 . 2008-08-23 14:56 <REP> d-------- C:\Program Files\Winamp
2008-08-23 14:53 . 2008-08-23 15:11 155 --a------ C:\Windows\winamp.ini
2008-08-23 14:01 . 2008-08-23 14:01 <REP> d-------- C:\temp
2008-08-23 13:46 . 2008-08-23 13:46 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\InstallShield
2008-08-23 12:55 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-23 12:54 . 2008-08-23 12:55 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-23 12:26 . 2008-08-23 12:26 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\DAEMON Tools
2008-08-23 12:26 . 2008-08-23 12:26 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-08-23 10:56 . 2008-09-14 20:59 <REP> d-------- C:\INSTALL
2008-08-22 21:24 . 2008-09-14 16:01 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\skypePM
2008-08-22 21:12 . 2008-09-14 22:54 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Users\All Users\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\ProgramData\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Skype
2008-08-22 21:02 . 2008-08-22 21:02 <REP> d-------- C:\Program Files\Common Files\Skype
2008-08-22 18:53 . 2008-08-22 18:53 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\vlc
2008-08-22 18:44 . 2008-08-22 18:44 <REP> d-------- C:\Program Files\VideoLAN
2008-08-22 12:35 . 2008-08-22 12:35 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\Users\All Users\nvModes.dat
2008-08-22 10:49 . 2008-09-14 20:16 78,396 --a------ C:\ProgramData\nvModes.dat
2008-08-22 10:44 . 2008-08-22 10:44 <REP> d-------- C:\Windows\nvtmpinst
2008-08-22 10:42 . 2008-08-22 10:42 <REP> d-------- C:\NVIDIA
2008-08-22 10:32 . 2008-08-22 10:34 28,124 --a------ C:\Users\Soufcool\AppData\Roaming\nvModes.dat
2008-08-22 10:20 . 2008-08-22 10:20 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Creative
2008-08-22 01:48 . 2008-09-05 21:51 137,656 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-22 01:48 . 2008-09-09 23:00 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-22 01:48 . 2008-08-22 12:49 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-22 01:48 . 2008-08-22 01:48 22,328 --a------ C:\Users\Soufcool\AppData\Roaming\PnkBstrK.sys
2008-08-22 01:48 . 2008-08-22 01:48 299 --a------ C:\Windows\game.ini
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\SystemRequirementsLab
2008-08-22 01:24 . 2008-08-22 01:24 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\Users\All Users\media center programs
2008-08-21 19:31 . 2008-08-23 14:01 <REP> d-------- C:\ProgramData\media center programs
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\Users\All Users\Funcom
2008-08-21 18:42 . 2008-08-21 18:42 <REP> d-------- C:\ProgramData\Funcom
2008-08-21 18:30 . 2008-08-21 18:30 <REP> d-------- C:\Program Files\Alwil Software
2008-08-21 18:30 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-21 18:19 . 2008-08-21 18:19 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Intel
2008-08-21 18:15 . 2008-08-21 18:21 <REP> d-------- C:\DOWNLOADS
2008-08-21 18:00 . 2008-09-07 11:25 <REP> d-------- C:\JEUX
2008-08-21 17:40 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 17:33 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-21 17:32 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-21 17:32 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Searches
2008-08-21 16:38 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Contacts
2008-08-21 16:38 . 2008-08-21 16:38 <REP> d-------- C:\Users\Soufcool\Bluetooth Software
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Videos
2008-08-21 16:37 . 2008-09-02 00:25 <REP> dr------- C:\Users\Soufcool\Saved Games
2008-08-21 16:37 . 2008-08-16 19:12 <REP> d-------- C:\Users\Soufcool\Roaming
2008-08-21 16:37 . 2008-09-14 12:20 <REP> dr------- C:\Users\Soufcool\Pictures
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Music
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Links
2008-08-21 16:37 . 2008-08-21 16:38 <REP> dr------- C:\Users\Soufcool\Downloads
2008-08-21 16:37 . 2008-09-14 13:57 <REP> dr------- C:\Users\Soufcool\Documents
2008-08-21 16:37 . 2006-11-02 14:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Media Center Programs
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d-------- C:\Users\Soufcool\AppData\Roaming\Dell
2008-08-21 16:37 . 2008-08-21 16:37 <REP> d--h----- C:\Users\Soufcool\AppData
2008-08-21 16:37 . 2008-09-05 21:13 <REP> d-------- C:\Users\Soufcool
2008-08-21 16:37 . 2008-08-21 16:37 720,896 --a------ C:\Windows\IMAPIShellExt.dll
2008-08-21 16:37 . 2008-08-21 16:37 81,920 --a------ C:\Windows\BurnImage.exe
2008-08-21 16:34 . 2008-08-21 16:34 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-08-17 03:55 . 2008-08-17 03:55 <REP> d-------- C:\Program Files\Synaptics
2008-08-17 03:54 . 2008-08-17 03:54 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-17 03:54 . 2008-08-17 03:54 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-17 03:54 . 2008-08-17 03:54 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-17 03:54 . 2008-08-17 03:54 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-17 03:53 . 2008-08-17 03:53 2,032,128 --a------ C:\Windows\System32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 15:50 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Modèles
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Favoris
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Documents
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Bureau
2008-08-21 14:34 --------- d-sh--w C:\ProgramData\Application Data
2008-08-21 14:34 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1029416]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-07-18 775952]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-02 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-02 92704]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2008-07-02 92704]
C:\Users\Soufcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\Users\Sebcool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-08-16 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-16 19:27 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ageofconan.exe]
"Debugger"="C:\Program Files\Age of Conan Quick Start\aoclaunch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{09BA8EB3-AF62-41C6-AA68-AF1AAD9888CB}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5988D471-DC0E-47EB-80AF-92FE1BCDE4B9}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A6B934A0-82E3-4944-BB3D-55D9E0F4C710}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3E57AF78-D278-4107-9B5B-F42F4FB66C23}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{99105F93-B664-4062-BCC6-8230FA00262F}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{671DC034-C9A8-42DE-A58F-EFC24FE68E03}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{2143CB58-4D09-4944-872A-33296E6A0F1F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{CEEE033B-9680-494F-86C4-C1B40B969AD8}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8DE662E6-5469-43EB-90E5-0F67BB33D226}"= UDP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{BB307440-3E3C-4CB2-A30A-D211A64E4B98}"= TCP:C:\JEUX\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7801CF11-E74C-4EE8-B7C6-67C12367AC86}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29AAA1CF-96C9-4405-B8DF-9120979B6049}"= UDP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{811C07F1-C0F1-47BA-9603-8508C76462FA}"= TCP:C:\JEUX\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{E164334F-1AB2-4AAC-A868-DC7CDF1BCF4F}"= UDP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{F4CE319C-0BB1-4E98-A0AA-0CFBAE652584}"= TCP:C:\JEUX\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"TCP Query User{7581FF24-4EE7-4BC9-8631-66E38D63C13E}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{EC8022FD-DD44-4B5A-8026-F5CF8056A06F}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{EF43351F-2C43-4CDE-900D-5E697479D1B2}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= UDP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"UDP Query User{EF5E3A78-5FD4-45A8-A71B-37FE8B54DB3A}C:\\users\\soufcool\\desktop\\war europe downloader.exe"= TCP:C:\users\soufcool\desktop\war europe downloader.exe:war europe downloader.exe
"TCP Query User{FD2D6A06-1B24-4F5B-A65C-C29FAEA3AAF5}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= UDP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"UDP Query User{C33A67EA-EF9E-4196-9961-501809319756}C:\\jeux\\magic the gathering - battlegrounds\\system\\mtgbattlegrounds.exe"= TCP:C:\jeux\magic the gathering - battlegrounds\system\mtgbattlegrounds.exe:MTGBattlegrounds
"TCP Query User{0C1DB6F8-68A8-49DC-845E-556C30D4BC25}G:\\sauve d shuttle\\emule\\emule.exe"= UDP:G:\sauve d shuttle\emule\emule.exe:eMule
"UDP Query User{D7A8D122-9E33-40F1-BB42-9BD21EC5F09A}G:\\sauve d shuttle\\emule\\emule.exe"= TCP:G:\sauve d shuttle\emule\emule.exe:eMule
"{3961AA33-843C-4E69-A03E-5C0D1F46645C}"= UDP:16010:Forged Alliance
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 physX32;physX32;C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b082fef-70fe-11dd-a579-001fe2da21d5}]
\shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Soufcool\AppData\Roaming\Mozilla\Firefox\Profiles\4gkch86d.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr&source=iglk
FF -: plugin - C:\Users\Soufcool\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 23:00:31
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-09-14 23:01:30
ComboFix-quarantined-files.txt 2008-09-14 21:01:27
Avant-CF: 236,739,461,120 octets libres
AprŠs-CF: 237,211,262,976 octets libres
267 --- E O F --- 2008-09-10 00:26:30
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
Et voici le rapport généré par HiJackThis après le passage de ComboFix :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:11, on 14/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\INSTALL\UTILS\Jack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Soufcool\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - S-1-5-21-3072910097-2753795572-4256524432-1001 Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Sebcool')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
hooligan63780
Messages postés
835
Date d'inscription
lundi 25 août 2008
Statut
Membre
Dernière intervention
29 novembre 2008
5
14 sept. 2008 à 23:26
14 sept. 2008 à 23:26
bien mtn télécharge S&D https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
ccleaner pour qu'il fasse le tri : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
et malwarebytes : https://www.01net.com/telecharger/windows/Securite/anti-spam/fiches/44096.html
ccleaner pour qu'il fasse le tri : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
et malwarebytes : https://www.01net.com/telecharger/windows/Securite/anti-spam/fiches/44096.html
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
hooligan63780
Messages postés
835
Date d'inscription
lundi 25 août 2008
Statut
Membre
Dernière intervention
29 novembre 2008
5
14 sept. 2008 à 23:27
14 sept. 2008 à 23:27
puis après reposte un rapport stp