Icones et barre des tachent clignotent
Fermé
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
-
13 oct. 2008 à 10:03
Utilisateur anonyme - 13 oct. 2008 à 14:09
Utilisateur anonyme - 13 oct. 2008 à 14:09
A voir également:
- Icones et barre des tachent clignotent
- Windows 11 barre des taches a gauche - Guide
- Comment remettre la barre des tâches à la normale ? - Guide
- Barre verticale mac - Forum MacOS
- Barré whatsapp - Guide
- Egal barré - Forum Clavier
22 réponses
Utilisateur anonyme
13 oct. 2008 à 10:32
13 oct. 2008 à 10:32
"Le plupart des logiciel ne sont plus exécutables."
As-tu un message d'erreur ? du genre "l'application **** n'est pas une application Win32 valide" ?
-Télécharge HiJackThis de Merijn sur ton bureau.
-Renomme-le par exemple en heaven.exe pour contrer une infection Vundo
- Double-clic sur Heaven.exe
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide :N'hésite pas à consulter l'aide HiJackThisl
As-tu un message d'erreur ? du genre "l'application **** n'est pas une application Win32 valide" ?
-Télécharge HiJackThis de Merijn sur ton bureau.
-Renomme-le par exemple en heaven.exe pour contrer une infection Vundo
- Double-clic sur Heaven.exe
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide :N'hésite pas à consulter l'aide HiJackThisl
sherred
Messages postés
8346
Date d'inscription
samedi 26 janvier 2008
Statut
Membre
Dernière intervention
25 mars 2024
350
13 oct. 2008 à 10:34
13 oct. 2008 à 10:34
et bien on va commencer par le debut
1er télechargez hijackthis
https://www.clubic.com/telecharger-fiche17891-hijackthis.html
Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton "Do a system scan only"
Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
il vous suffit de realiser un copier/coller et de le poster dans le forum
2eme telechargez malwarebytes
http://ftpclubic22.clubic.com/...
aprés mise a jour faite un scan (de preference redemarrer sans echec pour faire le scan ) supprimez ce qu'il trouve et copier /coller les resultats
3eme attendre nos reponses sur la suite de la procedure
1er télechargez hijackthis
https://www.clubic.com/telecharger-fiche17891-hijackthis.html
Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton "Do a system scan only"
Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
il vous suffit de realiser un copier/coller et de le poster dans le forum
2eme telechargez malwarebytes
http://ftpclubic22.clubic.com/...
aprés mise a jour faite un scan (de preference redemarrer sans echec pour faire le scan ) supprimez ce qu'il trouve et copier /coller les resultats
3eme attendre nos reponses sur la suite de la procedure
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 10:52
13 oct. 2008 à 10:52
voici le résultat après avoir scanner avec Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:08, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:08, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Utilisateur anonyme
13 oct. 2008 à 11:04
13 oct. 2008 à 11:04
-Telecharge MBAM--> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
-Mets-le a jour
-Execute un scan complet en mode sans echec
-Supprime tout ce qu'il te trouve (liste en rouge) en cochant de vant les infections et en cliquant sur "supprimer la selection"
-Poste le rapport
NOTE : Le scan peut durer plusieurs heures selon l'espace occupé !
-Mets-le a jour
-Execute un scan complet en mode sans echec
-Supprime tout ce qu'il te trouve (liste en rouge) en cochant de vant les infections et en cliquant sur "supprimer la selection"
-Poste le rapport
NOTE : Le scan peut durer plusieurs heures selon l'espace occupé !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 11:46
13 oct. 2008 à 11:46
bonjour,
le scan avec mbam a donné ceci :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
13/10/2008 11:44:56
mbam-log-2008-10-13 (11-44-56).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 244015
Temps écoulé: 21 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ecc7d05-c233-4723-9c21-5b2b8b4da993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4bd7956-7aee-4814-8326-74a3e11c68d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bbcIOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbcIOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
bien à vous
le scan avec mbam a donné ceci :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
13/10/2008 11:44:56
mbam-log-2008-10-13 (11-44-56).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 244015
Temps écoulé: 21 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ecc7d05-c233-4723-9c21-5b2b8b4da993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4bd7956-7aee-4814-8326-74a3e11c68d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bbcIOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbcIOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
bien à vous
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 11:46
13 oct. 2008 à 11:46
bonjour,
le scan avec mbam a donné ceci :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
13/10/2008 11:44:56
mbam-log-2008-10-13 (11-44-56).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 244015
Temps écoulé: 21 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ecc7d05-c233-4723-9c21-5b2b8b4da993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4bd7956-7aee-4814-8326-74a3e11c68d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bbcIOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbcIOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
bien à vous
le scan avec mbam a donné ceci :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
13/10/2008 11:44:56
mbam-log-2008-10-13 (11-44-56).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 244015
Temps écoulé: 21 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ecc7d05-c233-4723-9c21-5b2b8b4da993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4bd7956-7aee-4814-8326-74a3e11c68d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bbcIOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbcIOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
bien à vous
Utilisateur anonyme
13 oct. 2008 à 11:52
13 oct. 2008 à 11:52
Désactive les logiciels de protection (Antivirus, Antispywares) puis :
-Télécharge Combofix sUBs : combofix.exel
et sauvegarde le sur ton bureau et pas ailleurs!
-Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
-Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
-Copie/colle un nouveau rapport HiJackThis avec.
-Télécharge Combofix sUBs : combofix.exel
et sauvegarde le sur ton bureau et pas ailleurs!
-Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
-Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
-Copie/colle un nouveau rapport HiJackThis avec.
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 12:17
13 oct. 2008 à 12:17
rapport de combofix :
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 12:17
13 oct. 2008 à 12:17
rapport de combofix :
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 12:17
13 oct. 2008 à 12:17
rapport de combofix :
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 12:17
13 oct. 2008 à 12:17
rapport de combofix :
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 12:17
13 oct. 2008 à 12:17
rapport de combofix :
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\abW9
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
.
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]
[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
"flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoCommonGroups"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msvideo7"= STV680tg.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shereaza
"6346:UDP"= 6346:UDP:shareaza
"4242:TCP"= 4242:TCP:4242
"4242:UDP"= 4242:UDP:4242
"86:TCP"= 86:TCP:BroadCam Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
Notify-dimsntfy - (no file)
Notify-xxywVlJB - (no file)
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 12:11:39
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-13 10:13:18
ComboFix2.txt 2007-11-30 11:44:06
Avant-CF: 18.508.382.208 octets libres
Après-CF: 20,047,855,616 octets libres
295 --- E O F --- 2008-10-10 06:00:10
rapport de Hujackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Utilisateur anonyme
13 oct. 2008 à 13:00
13 oct. 2008 à 13:00
-Télécharge OTMoveIt de OldTimer.--> http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
-Sauvegarde le sur ton Bureau.
-Double-Clique sur OTMoveIt.exe pour le lancer.
-Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :
C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\MF_C421.lfa
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
C:\WINDOWS\system32\drivers\uhfepyd.sys
C:\WINDOWS\system32\waGilnnn.ini
C:\Documents and Settings\Fabian\setup.exe
C:\Documents and Settings\Fabian\scanner.exe
-Retourne dans OTMoveit, fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
-Clique sur le bouton rouge Moveit!.
-Ferme OTMoveIt.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.
Poste nous le rapport de OTMoveIT dispo ici : C:\_OTMoveIt\MovedFiles
-Sauvegarde le sur ton Bureau.
-Double-Clique sur OTMoveIt.exe pour le lancer.
-Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :
C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\MF_C421.lfa
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
C:\WINDOWS\system32\drivers\uhfepyd.sys
C:\WINDOWS\system32\waGilnnn.ini
C:\Documents and Settings\Fabian\setup.exe
C:\Documents and Settings\Fabian\scanner.exe
-Retourne dans OTMoveit, fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.
-Clique sur le bouton rouge Moveit!.
-Ferme OTMoveIt.
Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.
Poste nous le rapport de OTMoveIT dispo ici : C:\_OTMoveIt\MovedFiles
résultat avec otmoveit
C:\WINDOWS\MF_C420.lfa moved successfully.
C:\WINDOWS\MF_C421.lfa moved successfully.
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
C:\WINDOWS\system32\drivers\uhfepyd.sys moved successfully.
C:\WINDOWS\system32\waGilnnn.ini moved successfully.
C:\Documents and Settings\Fabian\setup.exe moved successfully.
C:\Documents and Settings\Fabian\scanner.exe moved successfully.
File/Folder not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_131301
C:\WINDOWS\MF_C420.lfa moved successfully.
C:\WINDOWS\MF_C421.lfa moved successfully.
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
C:\WINDOWS\system32\drivers\uhfepyd.sys moved successfully.
C:\WINDOWS\system32\waGilnnn.ini moved successfully.
C:\Documents and Settings\Fabian\setup.exe moved successfully.
C:\Documents and Settings\Fabian\scanner.exe moved successfully.
File/Folder not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_131301
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 13:17
13 oct. 2008 à 13:17
résultat après OTmoveit :
C:\WINDOWS\MF_C420.lfa moved successfully.
C:\WINDOWS\MF_C421.lfa moved successfully.
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
C:\WINDOWS\system32\drivers\uhfepyd.sys moved successfully.
C:\WINDOWS\system32\waGilnnn.ini moved successfully.
C:\Documents and Settings\Fabian\setup.exe moved successfully.
C:\Documents and Settings\Fabian\scanner.exe moved successfully.
File/Folder not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_131301
C:\WINDOWS\MF_C420.lfa moved successfully.
C:\WINDOWS\MF_C421.lfa moved successfully.
C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
C:\WINDOWS\system32\drivers\uhfepyd.sys moved successfully.
C:\WINDOWS\system32\waGilnnn.ini moved successfully.
C:\Documents and Settings\Fabian\setup.exe moved successfully.
C:\Documents and Settings\Fabian\scanner.exe moved successfully.
File/Folder not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_131301
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 13:20
13 oct. 2008 à 13:20
hijackthis donne ceci :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:29, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Fabian\Bureau\OTMoveIt2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:29, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Fabian\Bureau\OTMoveIt2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
fabinou40
Messages postés
13
Date d'inscription
lundi 13 octobre 2008
Statut
Membre
Dernière intervention
13 octobre 2008
13 oct. 2008 à 13:20
13 oct. 2008 à 13:20
hijackthis donne ceci :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:29, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Fabian\Bureau\OTMoveIt2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:29, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Fabian\Bureau\OTMoveIt2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
K:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe