Infection VIRALE? (publicité,desactive...)
Résolu
musdu83
-
musdu83 -
musdu83 -
Bonjour,j'ai les logiciels suivant:
CCleaner
Zone Alarm
avast edition familial
yahoo bloqueur pop up
antipub et proxomitron (logiciel qui devrait normalement bloquer les publiciters)
Spybot Search et Detroy
Free Window Registry Repair (logiciel qui trouve les erreurs et les supprime)
firefox (parametre pour bloquer les pop ups)
j'ai scanner et reparer de tous les cotés mais je n'arrete pas de recevoir des publicites sur mon ordinateur,mes mises a jours et mon pare feu se desactive et mon ordinateur des fois quands je l'allume montre le message d'erreur suivan:
'remove disk or other media press any key to restart'
voici: ce que dis hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:49, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\RayV\RayV\RayV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\VnrPack\VnrPack20.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\mustapha\local settings\application data\wmgsm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\MUSTAPHA\Local Settings\Temporary Internet Files\Content.IE5\1TC4HQLA\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0574D50F-C261-490D-BF39-4E91183C4EFB} - C:\WINDOWS\system32\xxyvSJcd.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b926ec48-cfac-63a9-4134-1d09d0be2ba1} - {1ab2eb0d-90d1-4314-9a36-cafc84ce629b} - C:\WINDOWS\system32\jzskku.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {746F50F1-2B39-4BF2-9E3D-EBBC82FB72B9} - C:\WINDOWS\system32\rqRLeFWP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
O2 - BHO: (no name) - {BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
O2 - BHO: bannerstyles15 browser enhancer - {c4553992-8e98-b064-fe6e-61afd5258f1b} - C:\WINDOWS\system32\kahnbmeblowi.dll
O2 - BHO: (no name) - {d07cd5d3-c484-4c19-b27a-3cd2da9f3302} - C:\WINDOWS\system32\ucdvth.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mczwwyhosm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kahnbmeblowi.dll"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wmgsm] "c:\documents and settings\mustapha\local settings\application data\wmgsm.exe" wmgsm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O20 - AppInit_DLLs: ucdvth.dll jzskku.dll
O20 - Winlogon Notify: xxyvSJcd - xxyvSJcd.dll (file missing)
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
CCleaner
Zone Alarm
avast edition familial
yahoo bloqueur pop up
antipub et proxomitron (logiciel qui devrait normalement bloquer les publiciters)
Spybot Search et Detroy
Free Window Registry Repair (logiciel qui trouve les erreurs et les supprime)
firefox (parametre pour bloquer les pop ups)
j'ai scanner et reparer de tous les cotés mais je n'arrete pas de recevoir des publicites sur mon ordinateur,mes mises a jours et mon pare feu se desactive et mon ordinateur des fois quands je l'allume montre le message d'erreur suivan:
'remove disk or other media press any key to restart'
voici: ce que dis hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:49, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\RayV\RayV\RayV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\VnrPack\VnrPack20.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\mustapha\local settings\application data\wmgsm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\MUSTAPHA\Local Settings\Temporary Internet Files\Content.IE5\1TC4HQLA\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0574D50F-C261-490D-BF39-4E91183C4EFB} - C:\WINDOWS\system32\xxyvSJcd.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b926ec48-cfac-63a9-4134-1d09d0be2ba1} - {1ab2eb0d-90d1-4314-9a36-cafc84ce629b} - C:\WINDOWS\system32\jzskku.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {746F50F1-2B39-4BF2-9E3D-EBBC82FB72B9} - C:\WINDOWS\system32\rqRLeFWP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
O2 - BHO: (no name) - {BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
O2 - BHO: bannerstyles15 browser enhancer - {c4553992-8e98-b064-fe6e-61afd5258f1b} - C:\WINDOWS\system32\kahnbmeblowi.dll
O2 - BHO: (no name) - {d07cd5d3-c484-4c19-b27a-3cd2da9f3302} - C:\WINDOWS\system32\ucdvth.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mczwwyhosm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kahnbmeblowi.dll"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wmgsm] "c:\documents and settings\mustapha\local settings\application data\wmgsm.exe" wmgsm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O20 - AppInit_DLLs: ucdvth.dll jzskku.dll
O20 - Winlogon Notify: xxyvSJcd - xxyvSJcd.dll (file missing)
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
A voir également:
- Infection VIRALE? (publicité,desactive...)
- Compte facebook désactivé - Guide
- Pave tactile desactive - Guide
- Compte instagram desactivé - Guide
- Supprimer publicité - Guide
- Compte facebook piraté et désactivé - Guide
51 réponses
/!\ Seul musdu83 peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
FileLook::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\winzipme.ini
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\system32\SalaatTime.dll
DirLook::
C:\WINDOWS\system32\tz1
C:\WINDOWS\system32\hpd
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\ci
C:\temp\xp34
C:\[u]0/u300fff9c12bc6739aba4b52
C:\7655925401048e40a58c7cb238cb44
C:\Documents and Settings\merza
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
FileLook::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\winzipme.ini
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\system32\SalaatTime.dll
DirLook::
C:\WINDOWS\system32\tz1
C:\WINDOWS\system32\hpd
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\ci
C:\temp\xp34
C:\[u]0/u300fff9c12bc6739aba4b52
C:\7655925401048e40a58c7cb238cb44
C:\Documents and Settings\merza
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
/!\ Seul musdu83 peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\winzipme.ini
C:\WINDOWS\system32\ucdvth.dll
C:\WINDOWS\system32\jzskku.dll
Folder::
C:\WINDOWS\system32\ci
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\hpd
C:\WINDOWS\system32\tz1
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8615b99c-94a9-11dd-93d8-001e8c52030a}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\winzipme.ini
C:\WINDOWS\system32\ucdvth.dll
C:\WINDOWS\system32\jzskku.dll
Folder::
C:\WINDOWS\system32\ci
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\hpd
C:\WINDOWS\system32\tz1
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8615b99c-94a9-11dd-93d8-001e8c52030a}]
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
ComboFix 08-10-14.02 - MUSTAPHA 2008-10-15 7:12:38.5 - [color=red][b]FAT32[/b][/color]x86
Lancé depuis: C:\Documents and Settings\MUSTAPHA\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\MUSTAPHA\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\jzskku.dll
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\system32\ucdvth.dll
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\winzipme.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\ci
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\hpd
C:\WINDOWS\system32\hpd\COPi9943.exe
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\system32\tz1
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\winzipme.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))
.
2008-10-15 07:08 . 2008-10-15 07:08 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-14 23:10 . 2008-10-14 23:10 <REP> d-------- C:\Documents and Settings\Default User
2008-10-14 23:10 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 23:10 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 23:10 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 23:10 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 23:10 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 23:05 . 2008-10-14 23:06 3,098,403 --a------ C:\[u]0[/u]2 Track 2.wma
2008-10-14 23:03 . 2008-10-14 23:04 4,183,160 --a------ C:\[u]0[/u]3 Track 3.wma
2008-10-14 23:01 . 2008-10-14 23:02 3,545,425 --a------ C:\plus javanceplus je grandis.mp3
2008-10-14 22:58 . 2008-10-14 22:59 5,745,425 --a------ C:\plus javance,plus je grandis,.mp3
2008-10-14 20:42 . 2008-10-14 20:42 <REP> d--hs---- C:\FOUND.000
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Counter-Strike Source
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 19:10 . 2008-10-14 19:10 <REP> d-------- C:\Program Files\Valve Lan
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 19:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 07:49 . 2008-10-13 07:49 <REP> d-------- C:\Program Files\Navilog1
2008-10-12 22:25 . 2008-10-12 22:25 <REP> d-------- C:\Program Files\Antipub
2008-10-12 21:12 . 2008-10-12 21:13 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\MailFrontier
2008-10-12 20:33 . 2008-10-12 20:33 <REP> d-------- C:\Documents and Settings\adelus\Application Data\MailFrontier
2008-10-12 17:43 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-12 17:43 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-12 17:42 . 2008-10-12 17:42 <REP> d-------- C:\Program Files\Zone Labs
2008-10-12 17:42 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-10-12 17:42 . 2008-10-15 07:21 360,555 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-10-12 17:10 . 2008-10-12 17:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-12 14:31 . 2008-10-12 14:31 <REP> d-------- C:\Program Files\Sunbelt Software
2008-10-12 14:22 . 2008-10-12 14:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:41 . 2008-10-12 21:43 4,194,394 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-12 12:37 . 2008-10-12 12:37 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-10-11 23:56 . 2008-10-11 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-11 23:19 . 2008-10-11 23:19 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 23:18 . 2008-10-11 23:19 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-10-11 23:09 . 2008-10-11 23:09 <REP> d-------- C:\Program Files\Yahoo!
2008-10-11 10:03 . 2008-10-11 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 16:53 . 2008-10-10 16:53 <REP> d-------- C:\Program Files\OpenDNS Updater
2008-10-09 21:03 . 2008-10-09 21:03 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 20:56 . 2008-10-09 20:56 <REP> d-------- C:\Program Files\Free Window Registry Repair
2008-10-09 19:41 . 2008-10-09 19:41 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-09 19:37 . 2008-10-09 19:37 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-09 19:26 . 2008-10-09 19:26 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\118294.78
2008-10-09 18:38 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-09 18:38 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-09 18:38 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 23:15 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\MSN Messenger
2008-10-08 23:01 . 2008-08-09 09:24 59,728 --a------ C:\msimg32.dll
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\temp\xp34
2008-10-08 16:44 . 2008-10-08 16:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-08 16:14 . 2008-10-08 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-08 11:10 . 2008-10-08 11:10 <REP> d-------- C:\Documents and Settings\adelus\Application Data\HiYo
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 18:36 . 2008-10-06 18:36 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\HiYo
2008-10-04 19:54 . 2008-10-04 19:54 268 --ah----- C:\sqmdata00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmnoopt01.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmdata01.sqm
2008-10-04 19:49 . 2008-10-04 19:49 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-04 19:49 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-04 19:49 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-10-02 22:30 . 2008-10-02 22:30 <REP> d-------- C:\Program Files\Wakfu
2008-10-01 20:27 . 2008-10-11 23:10 959 --a------ C:\rollback.ini
2008-10-01 16:19 . 2008-10-15 07:18 2,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 16:19 . 2008-10-15 07:18 1,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 15:47 . 2008-10-01 15:47 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 14:13 . 2008-10-01 14:13 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-10-01 13:41 . 2008-10-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-01 13:41 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-01 13:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-01 13:41 . 2008-10-12 21:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-01 13:40 . 2008-10-01 13:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-01 13:39 . 2008-10-01 13:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-30 21:53 . 2008-09-30 21:53 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Contacts
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\[u]0[/u]300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:37 24,282,856 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_10_14_21_33_03_full.dmp.zip
2008-10-14 19:09 1,741,810 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-14 14:55 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\DivX
2008-09-13 23:34 --------- d-----w C:\Program Files\uTorrent
2008-09-13 23:34 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\uTorrent
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-14_20.25.17,15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 17:39:44 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-10-14 21:12:16 250,928 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:23:50 2,068,096 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:23:44 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:23:50 2,191,232 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-10-27 13:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-27 13:04:08 497,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 13:18:36 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 13:04:06 465,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 13:04:06 7,980,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-10-09 17:39:44 248,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 18:09:36 136,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-27 13:04:06 624,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2008-10-09 18:38:10 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-15 05:10:56 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-09 18:38:10 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-15 05:10:56 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-09 18:38:10 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-15 05:10:56 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-09 18:38:10 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-15 05:10:56 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-09 18:38:10 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-15 05:10:56 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-09 18:38:10 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-15 05:10:56 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-09 18:38:10 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-15 05:10:56 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-09 18:38:10 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-15 05:10:56 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-09 18:38:10 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-15 05:10:56 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-09 18:38:10 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-15 05:10:56 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-10 14:38:26 304,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-15 05:19:12 304,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:30 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-10-15 05:19:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-27 289088]
"ccleaner"="C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" [2008-09-24 1279216]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0480f980-8a24-11dd-93b8-001d60c57f04}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 07:20:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTSRV.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-15 7:24:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-15 05:24:22
ComboFix4.txt 2008-10-14 18:26:32
ComboFix3.txt 2008-10-14 19:14:10
ComboFix2.txt 2008-10-14 19:36:36
Avant-CF: 64 094 994 432 octets libres
Après-CF: 64,084,901,888 octets libres
422 --- E O F --- 2008-10-15 05:11:01
Lancé depuis: C:\Documents and Settings\MUSTAPHA\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\MUSTAPHA\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
FILE ::
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\jzskku.dll
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\system32\ucdvth.dll
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\winzipme.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\adelus\dofwni.exe
C:\WINDOWS\bdtb3452.exe
C:\WINDOWS\dwtb2837.exe
C:\WINDOWS\smms.bat
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\ci
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\hpd
C:\WINDOWS\system32\hpd\COPi9943.exe
C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
C:\WINDOWS\system32\meddekom.dat
C:\WINDOWS\system32\newsettings.ces
C:\WINDOWS\system32\tz1
C:\WINDOWS\vntb9283.exe
C:\WINDOWS\winzipme.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))
.
2008-10-15 07:08 . 2008-10-15 07:08 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-14 23:10 . 2008-10-14 23:10 <REP> d-------- C:\Documents and Settings\Default User
2008-10-14 23:10 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 23:10 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 23:10 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 23:10 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 23:10 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 23:05 . 2008-10-14 23:06 3,098,403 --a------ C:\[u]0[/u]2 Track 2.wma
2008-10-14 23:03 . 2008-10-14 23:04 4,183,160 --a------ C:\[u]0[/u]3 Track 3.wma
2008-10-14 23:01 . 2008-10-14 23:02 3,545,425 --a------ C:\plus javanceplus je grandis.mp3
2008-10-14 22:58 . 2008-10-14 22:59 5,745,425 --a------ C:\plus javance,plus je grandis,.mp3
2008-10-14 20:42 . 2008-10-14 20:42 <REP> d--hs---- C:\FOUND.000
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Counter-Strike Source
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 19:10 . 2008-10-14 19:10 <REP> d-------- C:\Program Files\Valve Lan
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 19:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 07:49 . 2008-10-13 07:49 <REP> d-------- C:\Program Files\Navilog1
2008-10-12 22:25 . 2008-10-12 22:25 <REP> d-------- C:\Program Files\Antipub
2008-10-12 21:12 . 2008-10-12 21:13 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\MailFrontier
2008-10-12 20:33 . 2008-10-12 20:33 <REP> d-------- C:\Documents and Settings\adelus\Application Data\MailFrontier
2008-10-12 17:43 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-12 17:43 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-12 17:42 . 2008-10-12 17:42 <REP> d-------- C:\Program Files\Zone Labs
2008-10-12 17:42 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-10-12 17:42 . 2008-10-15 07:21 360,555 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-10-12 17:10 . 2008-10-12 17:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-12 14:31 . 2008-10-12 14:31 <REP> d-------- C:\Program Files\Sunbelt Software
2008-10-12 14:22 . 2008-10-12 14:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:41 . 2008-10-12 21:43 4,194,394 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-12 12:37 . 2008-10-12 12:37 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-10-11 23:56 . 2008-10-11 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-11 23:19 . 2008-10-11 23:19 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 23:18 . 2008-10-11 23:19 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-10-11 23:09 . 2008-10-11 23:09 <REP> d-------- C:\Program Files\Yahoo!
2008-10-11 10:03 . 2008-10-11 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 16:53 . 2008-10-10 16:53 <REP> d-------- C:\Program Files\OpenDNS Updater
2008-10-09 21:03 . 2008-10-09 21:03 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 20:56 . 2008-10-09 20:56 <REP> d-------- C:\Program Files\Free Window Registry Repair
2008-10-09 19:41 . 2008-10-09 19:41 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-09 19:37 . 2008-10-09 19:37 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-09 19:26 . 2008-10-09 19:26 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\118294.78
2008-10-09 18:38 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-09 18:38 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-09 18:38 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 23:15 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\MSN Messenger
2008-10-08 23:01 . 2008-08-09 09:24 59,728 --a------ C:\msimg32.dll
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\temp\xp34
2008-10-08 16:44 . 2008-10-08 16:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-08 16:14 . 2008-10-08 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-08 11:10 . 2008-10-08 11:10 <REP> d-------- C:\Documents and Settings\adelus\Application Data\HiYo
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 18:36 . 2008-10-06 18:36 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\HiYo
2008-10-04 19:54 . 2008-10-04 19:54 268 --ah----- C:\sqmdata00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmnoopt01.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmdata01.sqm
2008-10-04 19:49 . 2008-10-04 19:49 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-04 19:49 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-04 19:49 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-10-02 22:30 . 2008-10-02 22:30 <REP> d-------- C:\Program Files\Wakfu
2008-10-01 20:27 . 2008-10-11 23:10 959 --a------ C:\rollback.ini
2008-10-01 16:19 . 2008-10-15 07:18 2,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 16:19 . 2008-10-15 07:18 1,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 15:47 . 2008-10-01 15:47 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 14:13 . 2008-10-01 14:13 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-10-01 13:41 . 2008-10-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-01 13:41 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-01 13:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-01 13:41 . 2008-10-12 21:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-01 13:40 . 2008-10-01 13:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-01 13:39 . 2008-10-01 13:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-30 21:53 . 2008-09-30 21:53 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Contacts
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\[u]0[/u]300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:37 24,282,856 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_10_14_21_33_03_full.dmp.zip
2008-10-14 19:09 1,741,810 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-14 14:55 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\DivX
2008-09-13 23:34 --------- d-----w C:\Program Files\uTorrent
2008-09-13 23:34 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\uTorrent
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-14_20.25.17,15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-09 17:39:44 248,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-10-14 21:12:16 250,928 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2008-08-14 13:23:44 2,147,328 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:23:50 2,068,096 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:23:44 2,025,984 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:23:50 2,191,232 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-10-27 13:07:36 17,891,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-27 13:04:08 497,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 13:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 13:18:36 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 13:04:06 465,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 13:04:06 7,980,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2008-10-09 17:39:44 248,632 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-26 18:09:36 136,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-27 13:04:06 624,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119410000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2008-10-09 18:38:10 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-15 05:10:56 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-09 18:38:10 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-15 05:10:56 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-09 18:38:10 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-15 05:10:56 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-09 18:38:10 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-15 05:10:56 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-09 18:38:10 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-15 05:10:56 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-09 18:38:10 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-15 05:10:56 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-09 18:38:10 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-15 05:10:56 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-09 18:38:10 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-10-15 05:10:56 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-09 18:38:10 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-15 05:10:56 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-09 18:38:10 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-15 05:10:56 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-10 14:38:26 304,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-15 05:19:12 304,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:30 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-10-15 05:19:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-27 289088]
"ccleaner"="C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" [2008-09-24 1279216]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0480f980-8a24-11dd-93b8-001d60c57f04}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \info.exe o
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 07:20:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTSRV.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-15 7:24:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-15 05:24:22
ComboFix4.txt 2008-10-14 18:26:32
ComboFix3.txt 2008-10-14 19:14:10
ComboFix2.txt 2008-10-14 19:36:36
Avant-CF: 64 094 994 432 octets libres
Après-CF: 64,084,901,888 octets libres
422 --- E O F --- 2008-10-15 05:11:01
---> Relance MBAM, va dans Quarantaine et supprime tout.
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Le PC va redémarrer.
--> Après redémarrage, poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l'installation avec les paramètres par défaut.
--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
--> Double-clique sur le raccourci UsbFix sur ton Bureau.
--> Le PC va redémarrer.
--> Après redémarrage, poste le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.
(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
------------- UsbFix V1.095 ---------------
* User : MUSTAPHA - NOM-7E0E7CF0633
* Outils mis a jours le 15/10/2008 par Chiquitine29
* Recherche effectuée à 17:48:29 le 15/10/2008
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\DOCUME~1\MUSTAPHA\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\acs.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur amovible
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
OpenDNS Update REG_SZ "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
StartCCC REG_SZ c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
SalaatTime REG_SZ C:\Program Files\Salaat Time\SalaatTime.exe
RayV REG_SZ C:\Program Files\RayV\RayV\RayV.exe /background
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
ccleaner REG_SZ "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0480f980-8a24-11dd-93b8-001d60c57f04}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1394294494-3148761984-2392622359-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0480f980-8a24-11dd-93b8-001d60c57f04}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
--------------- ! Fin du rapport ! ----------------
Voila se scan etais trop rapide a mon gout donc je sais pas si j'ai bien fais se que tu ma dis
* User : MUSTAPHA - NOM-7E0E7CF0633
* Outils mis a jours le 15/10/2008 par Chiquitine29
* Recherche effectuée à 17:48:29 le 15/10/2008
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\DOCUME~1\MUSTAPHA\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\acs.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur amovible
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
OpenDNS Update REG_SZ "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
StartCCC REG_SZ c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
SalaatTime REG_SZ C:\Program Files\Salaat Time\SalaatTime.exe
RayV REG_SZ C:\Program Files\RayV\RayV\RayV.exe /background
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
ccleaner REG_SZ "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0480f980-8a24-11dd-93b8-001d60c57f04}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1394294494-3148761984-2392622359-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0480f980-8a24-11dd-93b8-001d60c57f04}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
--------------- ! Fin du rapport ! ----------------
Voila se scan etais trop rapide a mon gout donc je sais pas si j'ai bien fais se que tu ma dis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:33, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\MUSTAPHA\Local Settings\Temporary Internet Files\Content.IE5\UUQIPD24\HiJackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Scan saved at 18:39:33, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\MUSTAPHA\Local Settings\Temporary Internet Files\Content.IE5\UUQIPD24\HiJackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
---> Supprime les traces de Norton avec ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
---> Poste un nouveau rapport HijackThis.
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
---> Poste un nouveau rapport HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:06, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Scan saved at 19:07:06, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
---> Relance HijackThis et choisis Do a system scan only
---> Coche les cases qui sont devant les lignes suivantes :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
---> Redémarre ton PC et poste un dernier rapport HijackThis.
---> Coche les cases qui sont devant les lignes suivantes :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
---> Redémarre ton PC et poste un dernier rapport HijackThis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:20, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Scan saved at 19:48:20, on 15/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\MUSTAPHA\Bureau\HiJackThis.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Pour finir :
---> Désinstalle HijackThis et UsbFix.
---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download
---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
---> Télécharge Tools Cleaner sur ton Bureau :
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme
---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php
---> Antivir plus efficace qu'Avast.
---> Désinstalle HijackThis et UsbFix.
---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download
---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
---> Télécharge Tools Cleaner sur ton Bureau :
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme
---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php
---> Antivir plus efficace qu'Avast.
