Icones et barre des tachent clignotent

fabinou40 Messages postés 13 Statut Membre -  
 InfernO.vir -
Bonjour,

j'ai déjà parcourru bon nombre des rubriques à ce sujet mais je n'arrive pas à solutionner mes problèmes pc

Mes icones et bureau clignotent à interval régulier.
Le plupart des logiciel ne sont plus exécutables.

Sans vous dire j'ai déjà fait de multiples scans et détruits bons nombres de spyware, malware et autres mais le problème persiste.

Je recherche donc un docteur informatique pour soigner ma petite bécane

D'avance merci.

Fabian
Configuration: Windows XP
Internet Explorer 7.0

22 réponses

  • 1
  • 2
  1. InfernO.vir
     
    "Le plupart des logiciel ne sont plus exécutables."

    As-tu un message d'erreur ? du genre "l'application **** n'est pas une application Win32 valide" ?

    -Télécharge HiJackThis de Merijn sur ton bureau.

    -Renomme-le par exemple en heaven.exe pour contrer une infection Vundo

    - Double-clic sur Heaven.exe

    - Génère un rapport en suivant ces indications :
    - Exécute le et clique sur Do a scan and save log file.
    - Le rapport s'ouvre sur le Bloc-Note

    - Colle le rapport ici, pour cela :
    - Menu Edition / Selectionner Tout
    - Menu Edition / copier
    - Ici dans un nouveau message : clic droit / coller

    Aide :N'hésite pas à consulter l'aide HiJackThisl

    0
  2. sherred Messages postés 8605 Statut Membre 351
     
    et bien on va commencer par le debut
    1er télechargez hijackthis
    https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton "Do a system scan only"
    Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
    il vous suffit de realiser un copier/coller et de le poster dans le forum

    2eme telechargez malwarebytes
    http://ftpclubic22.clubic.com/...
    aprés mise a jour faite un scan (de preference redemarrer sans echec pour faire le scan ) supprimez ce qu'il trouve et copier /coller les resultats

    3eme attendre nos reponses sur la suite de la procedure
    0
  3. fabinou40 Messages postés 13 Statut Membre
     
    voici le résultat après avoir scanner avec Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:47:08, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    C:\WINDOWS\explorer.exe
    K:\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  4. InfernO.vir
     
    -Telecharge MBAM--> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    -Mets-le a jour

    -Execute un scan complet en mode sans echec

    -Supprime tout ce qu'il te trouve (liste en rouge) en cochant de vant les infections et en cliquant sur "supprimer la selection"

    -Poste le rapport

    NOTE : Le scan peut durer plusieurs heures selon l'espace occupé !

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fabinou40 Messages postés 13 Statut Membre
     
    bonjour,

    le scan avec mbam a donné ceci :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1134
    Windows 5.1.2600 Service Pack 3

    13/10/2008 11:44:56
    mbam-log-2008-10-13 (11-44-56).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 244015
    Temps écoulé: 21 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0ecc7d05-c233-4723-9c21-5b2b8b4da993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4bd7956-7aee-4814-8326-74a3e11c68d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\bbcIOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bbcIOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    bien à vous
    0
  7. fabinou40 Messages postés 13 Statut Membre
     
    bonjour,

    le scan avec mbam a donné ceci :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1134
    Windows 5.1.2600 Service Pack 3

    13/10/2008 11:44:56
    mbam-log-2008-10-13 (11-44-56).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 244015
    Temps écoulé: 21 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{abd03ce4-8057-45d3-8fa8-98e9d2aca394} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0ecc7d05-c233-4723-9c21-5b2b8b4da993} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4bd7956-7aee-4814-8326-74a3e11c68d9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnoicbb -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\opnOIcbb.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\bbcIOnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bbcIOnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

    bien à vous
    0
  8. InfernO.vir
     
    Désactive les logiciels de protection (Antivirus, Antispywares) puis :

    -Télécharge Combofix sUBs : combofix.exel

    et sauvegarde le sur ton bureau et pas ailleurs!

    -Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.

    -Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    -Copie/colle un nouveau rapport HiJackThis avec.

    0
  9. fabinou40 Messages postés 13 Statut Membre
     
    rapport de combofix :

    ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\abW9
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rMa05yy
    C:\WINDOWS\system32\rMa18yy

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_NPF
    -------\Service_Boonty Games
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
    2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
    2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
    2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
    2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
    2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
    2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
    2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
    2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
    2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
    2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
    2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
    2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
    2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
    2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
    2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
    2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
    2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
    2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
    2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
    2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
    2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
    2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
    2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
    2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
    2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
    2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
    2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
    2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
    2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
    2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
    2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
    2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
    2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
    2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
    2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
    2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
    2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
    2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
    "flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoCommonGroups"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "NoSetFolders"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msvideo7"= STV680tg.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
    backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\dpnsvr.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shereaza
    "6346:UDP"= 6346:UDP:shareaza
    "4242:TCP"= 4242:TCP:4242
    "4242:UDP"= 4242:UDP:4242
    "86:TCP"= 86:TCP:BroadCam Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
    R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
    S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
    S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
    S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
    S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
    BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
    Notify-dimsntfy - (no file)
    Notify-xxywVlJB - (no file)
    MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 12:11:39
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-13 10:13:18
    ComboFix2.txt 2007-11-30 11:44:06

    Avant-CF: 18.508.382.208 octets libres
    Après-CF: 20,047,855,616 octets libres

    295 --- E O F --- 2008-10-10 06:00:10

    rapport de Hujackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:58, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  10. fabinou40 Messages postés 13 Statut Membre
     
    rapport de combofix :

    ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\abW9
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rMa05yy
    C:\WINDOWS\system32\rMa18yy

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_NPF
    -------\Service_Boonty Games
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
    2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
    2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
    2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
    2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
    2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
    2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
    2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
    2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
    2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
    2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
    2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
    2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
    2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
    2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
    2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
    2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
    2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
    2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
    2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
    2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
    2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
    2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
    2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
    2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
    2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
    2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
    2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
    2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
    2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
    2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
    2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
    2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
    2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
    2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
    2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
    2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
    2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
    2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
    "flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoCommonGroups"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "NoSetFolders"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msvideo7"= STV680tg.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
    backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\dpnsvr.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shereaza
    "6346:UDP"= 6346:UDP:shareaza
    "4242:TCP"= 4242:TCP:4242
    "4242:UDP"= 4242:UDP:4242
    "86:TCP"= 86:TCP:BroadCam Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
    R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
    S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
    S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
    S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
    S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
    BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
    Notify-dimsntfy - (no file)
    Notify-xxywVlJB - (no file)
    MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 12:11:39
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-13 10:13:18
    ComboFix2.txt 2007-11-30 11:44:06

    Avant-CF: 18.508.382.208 octets libres
    Après-CF: 20,047,855,616 octets libres

    295 --- E O F --- 2008-10-10 06:00:10

    rapport de Hujackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:58, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  11. fabinou40 Messages postés 13 Statut Membre
     
    rapport de combofix :

    ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\abW9
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rMa05yy
    C:\WINDOWS\system32\rMa18yy

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_NPF
    -------\Service_Boonty Games
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
    2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
    2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
    2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
    2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
    2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
    2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
    2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
    2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
    2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
    2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
    2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
    2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
    2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
    2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
    2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
    2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
    2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
    2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
    2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
    2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
    2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
    2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
    2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
    2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
    2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
    2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
    2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
    2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
    2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
    2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
    2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
    2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
    2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
    2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
    2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
    2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
    2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
    2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
    "flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoCommonGroups"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "NoSetFolders"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msvideo7"= STV680tg.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
    backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\dpnsvr.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shereaza
    "6346:UDP"= 6346:UDP:shareaza
    "4242:TCP"= 4242:TCP:4242
    "4242:UDP"= 4242:UDP:4242
    "86:TCP"= 86:TCP:BroadCam Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
    R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
    S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
    S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
    S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
    S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
    BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
    Notify-dimsntfy - (no file)
    Notify-xxywVlJB - (no file)
    MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 12:11:39
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-13 10:13:18
    ComboFix2.txt 2007-11-30 11:44:06

    Avant-CF: 18.508.382.208 octets libres
    Après-CF: 20,047,855,616 octets libres

    295 --- E O F --- 2008-10-10 06:00:10

    rapport de Hujackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:58, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  12. fabinou40 Messages postés 13 Statut Membre
     
    rapport de combofix :

    ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\abW9
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rMa05yy
    C:\WINDOWS\system32\rMa18yy

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_NPF
    -------\Service_Boonty Games
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
    2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
    2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
    2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
    2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
    2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
    2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
    2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
    2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
    2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
    2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
    2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
    2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
    2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
    2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
    2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
    2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
    2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
    2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
    2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
    2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
    2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
    2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
    2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
    2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
    2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
    2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
    2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
    2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
    2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
    2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
    2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
    2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
    2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
    2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
    2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
    2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
    2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
    2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
    "flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoCommonGroups"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "NoSetFolders"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msvideo7"= STV680tg.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
    backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\dpnsvr.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shereaza
    "6346:UDP"= 6346:UDP:shareaza
    "4242:TCP"= 4242:TCP:4242
    "4242:UDP"= 4242:UDP:4242
    "86:TCP"= 86:TCP:BroadCam Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
    R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
    S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
    S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
    S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
    S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
    BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
    Notify-dimsntfy - (no file)
    Notify-xxywVlJB - (no file)
    MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 12:11:39
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-13 10:13:18
    ComboFix2.txt 2007-11-30 11:44:06

    Avant-CF: 18.508.382.208 octets libres
    Après-CF: 20,047,855,616 octets libres

    295 --- E O F --- 2008-10-10 06:00:10

    rapport de Hujackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:58, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  13. fabinou40 Messages postés 13 Statut Membre
     
    rapport de combofix :

    ComboFix 08-10-11.04 - Fabian 2008-10-13 12:05:30.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.268 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Fabian\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\abW9
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rMa05yy
    C:\WINDOWS\system32\rMa18yy

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_NPF
    -------\Service_Boonty Games
    -------\Service_NPF

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-13 au 2008-10-13 ))))))))))))))))))))))))))))))))))))
    .

    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C421.lfa
    2101-04-29 16:27 . 2007-11-24 13:31 3,120 --a------ C:\WINDOWS\MF_C420.lfa
    2008-10-13 10:55 . 2008-10-13 10:55 <REP> d-------- C:\WINDOWS\options
    2008-10-13 10:05 . 2008-10-13 10:05 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-10-13 10:04 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
    2008-10-13 10:04 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\B11gUSB.dll
    2008-10-13 10:04 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
    2008-10-13 10:04 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
    2008-10-13 09:10 . 2008-10-13 09:10 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Yahoo!
    2008-10-13 08:34 . 2008-10-13 08:34 <REP> d-------- C:\Program Files\Arovax AntiSpyware
    2008-10-13 08:20 . 2008-10-13 09:26 1,606 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-13 08:00 . 2008-10-13 08:00 <REP> d-------- C:\Program Files\CCleaner
    2008-10-12 21:44 . 2008-10-12 21:45 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
    2008-10-12 20:33 . 2008-10-12 20:33 0 --a------ C:\WINDOWS\system32\drivers\uhfepyd.sys
    2008-10-12 20:30 . 2008-10-12 20:30 <REP> d-------- C:\Documents and Settings\julien.ACER-5C89C15659\Application Data\Malwarebytes
    2008-10-12 20:17 . 2008-10-12 20:17 <REP> d-------- C:\!KillBox
    2008-10-12 20:09 . 2008-10-12 20:09 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Spyware Terminator
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-10 14:48 . 2008-10-10 14:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-10 14:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-10 14:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-10 14:44 . 2008-10-10 14:44 <REP> d--hs---- C:\FOUND.006
    2008-10-10 13:46 . 2008-10-10 13:46 <REP> d--hs---- C:\FOUND.005
    2008-10-10 13:35 . 2008-10-10 13:49 346 --ahs---- C:\WINDOWS\system32\waGilnnn.ini
    2008-10-10 13:16 . 2008-10-10 13:16 <REP> d-------- C:\Program Files\Exterminate It!
    2008-10-10 12:15 . 2008-10-10 12:15 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-10-10 12:15 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-10 12:15 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-10 12:15 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-10 12:15 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-10 12:11 . 2008-10-10 12:11 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-10-10 08:56 . 2008-10-10 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-10-09 16:02 . 2008-10-09 16:02 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
    2008-10-09 15:56 . 2008-10-09 15:56 <REP> d-------- C:\Program Files\Registry Easy
    2008-10-09 15:21 . 2008-10-09 15:21 <REP> d--hs---- C:\Documents and Settings\Fabian\PrivacIE
    2008-10-09 15:14 . 2008-04-14 04:33 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
    2008-10-09 08:16 . 2008-10-09 08:16 <REP> d--hs---- C:\FOUND.004
    2008-10-09 07:59 . 2008-10-09 07:59 <REP> d-------- C:\Program Files\Common Files
    2008-10-08 15:05 . 2008-10-08 15:05 <REP> d-------- C:\Program Files\Rockstar Games
    2008-10-08 14:49 . 2008-10-08 14:49 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-10-03 10:44 . 2008-10-03 10:44 <REP> d-------- C:\Documents and Settings\Fabian\Tracing
    2008-10-03 10:39 . 2008-10-03 10:39 <REP> d-------- C:\Program Files\Microsoft
    2008-10-03 10:33 . 2008-10-03 10:33 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live
    2008-10-01 09:46 . 2008-10-01 09:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-10-01 09:31 . 2008-10-01 09:31 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-10-01 07:43 . 2008-10-01 07:43 <REP> d--hs---- C:\FOUND.003
    2008-09-29 15:00 . 2008-09-29 15:00 <REP> d--hs---- C:\FOUND.002
    2008-09-24 15:48 . 2008-09-24 15:48 <REP> d--hs---- C:\FOUND.001
    2008-09-19 08:02 . 2003-11-20 15:28 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 507,904 --a------ C:\WINDOWS\system32\AegisE5.dll
    2008-09-19 08:02 . 2003-11-20 15:28 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
    2008-09-19 08:02 . 2003-11-20 15:28 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-09-16 08:15 . 2008-09-16 08:16 <REP> d-------- C:\Program Files\PIXELA
    2008-09-16 08:15 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
    2008-09-16 08:14 . 2008-09-16 08:14 <REP> d-------- C:\Program Files\REGSHAVE
    2008-09-16 08:14 . 2001-11-25 13:11 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
    2008-09-16 08:14 . 2002-02-27 13:27 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
    2008-09-16 08:14 . 2002-06-25 10:06 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
    2008-09-16 08:11 . 2002-02-05 18:33 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
    2008-09-16 08:11 . 2002-02-13 12:00 45,056 --------- C:\WINDOWS\system32\FCLKBTN.DLL
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
    2008-09-16 07:47 . 2004-08-05 05:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-29 06:13 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-11 07:26 --------- d-----w C:\Program Files\Photo to Sketch Pro
    2008-09-11 07:18 --------- d-----w C:\Program Files\Photo To Sketch
    2008-09-09 10:22 --------- d-----w C:\Program Files\Easy Mosaic
    2008-09-09 06:55 --------- d-----w C:\Program Files\WinZip Self-Extractor
    2008-09-08 22:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2008-09-05 14:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-09-04 06:16 --------- d-----w C:\Program Files\AxBx
    2008-08-29 15:13 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-08-29 15:04 --------- d-----w C:\Program Files\Sega
    2008-08-29 09:00 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-08-25 13:26 --------- d-----w C:\Program Files\StofWare
    2008-08-25 09:13 2,946,544 ----a-w C:\Documents and Settings\Fabian\setup.exe
    2008-08-22 13:02 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-08-19 14:58 45,056 ----a-w C:\WINDOWS\system32\UninstallBeetle.exe
    2008-08-05 15:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-12-31 16:10 15,397 ----a-w C:\Program Files\settings.dat
    2005-02-16 09:06 218,112 ----a-w C:\Documents and Settings\Fabian\scanner.exe
    2005-02-15 09:16 290,304 ----a-w C:\Program Files\UPHClean-Setup.msi
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    2008-08-21 15:15 94736 --a------ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

    [HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
    [HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 131072]
    "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-05 1817600]
    "flockbox"="D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe" [2007-12-14 1071472]

    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "pg32.exe"="C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe" [2008-10-08 84992]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL"= 0 (0x0)
    "NoDevMgrPage"= 0 (0x0)
    "NoConfigPage"= 0 (0x0)
    "NoVirtMemPage"= 0 (0x0)
    "NoFileSysPage"= 0 (0x0)
    "NoNetSetup"= 0 (0x0)
    "NoNetSetupIDPage"= 0 (0x0)
    "NoNetSetupSecurityPage"= 0 (0x0)
    "NoWorkgroupContents"= 0 (0x0)
    "NoEntireNetwork"= 0 (0x0)
    "NoFileSharingControl"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 0 (0x0)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)
    "RestrictRun"= 0 (0x0)
    "NoCommonGroups"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "NoThumbnailCache"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "NoSetFolders"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msvideo7"= STV680tg.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Belkin Wireless USB Utility.lnk]
    backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Antivirus Pro

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-10-02 14:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2008-07-18 10:21 268672 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
    --a------ 2001-12-06 14:09 45056 C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-08 22:08 413696 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Boonty Games"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\System32\\dpnsvr.exe"=
    "C:\\Program Files\\Opera\\Opera.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:Shereaza
    "6346:UDP"= 6346:UDP:shareaza
    "4242:TCP"= 4242:TCP:4242
    "4242:UDP"= 4242:UDP:4242
    "86:TCP"= 86:TCP:BroadCam Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 17264]
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 149376]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-08-29 141312]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 124832]
    R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S1 d06264f0;d06264f0;C:\WINDOWS\system32\drivers\d06264f0.sys [ ]
    S2 Belkin 54Mbps Wireless USB;Belkin 54Mbps Wireless USB Network Service;C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe [ ]
    S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 118391]
    S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
    S3 camfilt2;camfilt2;C:\WINDOWS\system32\DRIVERS\camfilt2.sys [ ]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
    S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-09 C:\WINDOWS\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{320E933A-03B1-423F-8A3E-10EA29EC5EA4} - (no file)
    BHO-{4EC7AF3E-0521-4CAD-A677-BD12B42EDBAA} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKLM-Run-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    ShellExecuteHooks-{EA5FB64B-1CA5-4939-A93A-9E76234B0A67} - (no file)
    Notify-dimsntfy - (no file)
    Notify-xxywVlJB - (no file)
    MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Fabian\Application Data\Mozilla\Firefox\Profiles\ko4nh5rh.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-13 12:11:39
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-13 12:13:19 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-13 10:13:18
    ComboFix2.txt 2007-11-30 11:44:06

    Avant-CF: 18.508.382.208 octets libres
    Après-CF: 20,047,855,616 octets libres

    295 --- E O F --- 2008-10-10 06:00:10

    rapport de Hujackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:58, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe (file missing)
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  14. InfernO.vir
     
    -Télécharge OTMoveIt de OldTimer.--> http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

    -Sauvegarde le sur ton Bureau.

    -Double-Clique sur OTMoveIt.exe pour le lancer.

    -Copie le chemin des fichiers suivants en selectionnant TOUT et en appuyant sur CTRL+C (ou, après avoir sélectionner, clique-droit et choisis Copier) :

    C:\WINDOWS\MF_C420.lfa
    C:\WINDOWS\MF_C421.lfa
    C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    C:\WINDOWS\system32\drivers\uhfepyd.sys
    C:\WINDOWS\system32\waGilnnn.ini
    C:\Documents and Settings\Fabian\setup.exe
    C:\Documents and Settings\Fabian\scanner.exe


    -Retourne dans OTMoveit, fais un clique-droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis Coller.

    -Clique sur le bouton rouge Moveit!.

    -Ferme OTMoveIt.

    Note : Si un fichier ou un dossier ne peut être déplacer immédiatement il te sera demander de redémarrer ta machine pour finir le processus. Si c'est le cas, choisis Yes.

    Poste nous le rapport de OTMoveIT dispo ici : C:\_OTMoveIt\MovedFiles

    0
  15. fabinou40
     
    résultat avec otmoveit

    C:\WINDOWS\MF_C420.lfa moved successfully.
    C:\WINDOWS\MF_C421.lfa moved successfully.
    C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
    C:\WINDOWS\system32\drivers\uhfepyd.sys moved successfully.
    C:\WINDOWS\system32\waGilnnn.ini moved successfully.
    C:\Documents and Settings\Fabian\setup.exe moved successfully.
    C:\Documents and Settings\Fabian\scanner.exe moved successfully.
    File/Folder not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_131301
    0
  16. fabinou40 Messages postés 13 Statut Membre
     
    résultat après OTmoveit :

    C:\WINDOWS\MF_C420.lfa moved successfully.
    C:\WINDOWS\MF_C421.lfa moved successfully.
    C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully.
    C:\WINDOWS\system32\drivers\uhfepyd.sys moved successfully.
    C:\WINDOWS\system32\waGilnnn.ini moved successfully.
    C:\Documents and Settings\Fabian\setup.exe moved successfully.
    C:\Documents and Settings\Fabian\scanner.exe moved successfully.
    File/Folder not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_131301
    0
  17. fabinou40 Messages postés 13 Statut Membre
     
    hijackthis donne ceci :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:18:29, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
    C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Fabian\Bureau\OTMoveIt2.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  18. fabinou40 Messages postés 13 Statut Membre
     
    hijackthis donne ceci :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:18:29, on 13/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe
    C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
    C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Fabian\Bureau\OTMoveIt2.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    K:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [flockbox] D:\Documents and Settings\Fabian\My Lockbox\flockbox.exe /a
    O4 - HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKCU\..\Policies\Explorer\Run: [pg32.exe] C:\Documents and Settings\Fabian\Local Settings\Application Data\Microsoft\Windows\pg32.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://drm.bittorrent.com/toaster/activex/COPPDetector.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) - Unknown owner - C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\StudioLine Photo Classic\NMSAccess.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\WINDOWS\system32\spm\spmdib.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
  • 1
  • 2