Web pages opening spontaneously
Resolved/Closed
53 replies
Destrio5 (Moderator)
30 Oct 2008 at 16:20
---> Download HostsXpert to your Desktop:
http://www.funkytoad.com/download/HostsXpert.zip
---> Unzip it (right-click >> Extract here)
---> Double-click HostsXpert to launch it
---> Click the "Restore MS Hosts File" button, then close the program
PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.
Destrio5 (Moderator)
30 Oct 2008 at 19:17
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix\Combofix.txt
Here it is
ComboFix 08-10-30.09 - Denis 2008-10-30 19:31:22.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.178 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Denis\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Denis\Application Data\wqcekks.dat
C:\Documents and Settings\Denis\Application Data\wqcekks.exe
C:\Documents and Settings\Denis\Application Data\wqcekks_nav.dat
C:\Documents and Settings\Denis\Application Data\wqcekks_navps.dat
C:\Documents and Settings\Stéphane\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\start.exe
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\Xprotector.sys
C:\WINDOWS\system32\mac.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\windows.scr
C:\WINDOWS\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_XPROTECTOR
-------\Service_NPF
-------\Service_XPROTECTOR
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 19:09 . 2008-10-30 19:09 <REP> d-------- C:\Documents and Settings\Enfants\Application Data\Spyware Terminator
2008-10-30 11:05 . 2008-10-30 11:05 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Grisoft
2008-10-30 11:05 . 2008-10-30 11:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-30 11:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-10-30 01:14 . 2008-10-30 01:14 <REP> d-------- C:\Navipromo
2008-10-30 00:14 . 2008-10-30 00:14 <REP> d-------- C:\rsit
2008-10-30 00:04 . 2008-10-30 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-10-30 00:03 . 2008-10-30 00:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-29 22:15 . 2008-10-29 22:15 <REP> d-------- C:\Program Files\Navilog1
2008-10-28 16:25 . 2008-10-28 16:25 <REP> d-------- C:\Intel
2008-10-28 13:58 . 2008-10-28 13:58 <REP> d-------- C:\carte mère GIGABYTE GA-8IPE1000-G
2008-10-27 17:08 . 2008-10-27 17:08 142 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2008-10-24 12:22 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
2008-10-23 19:00 . 2008-10-23 19:01 <REP> d-------- C:\Program Files\Trend Micro
2008-10-16 12:33 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-10-16 12:33 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-10-16 12:33 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-10-16 12:33 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-10-15 20:44 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\SYSTEM32\dllcache\srv.sys
2008-10-15 20:39 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-10-14 05:34 . 2008-10-14 05:34 <REP> d--hs---- C:\FOUND.001
2008-10-12 15:36 . 2008-10-12 22:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-09 15:25 . 2008-10-09 15:25 62,895 --a------ C:\FT_Splash.img
2008-10-09 15:16 . 2007-11-13 23:29 95,744 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\Gt51Ip.sys
2008-10-09 15:16 . 2007-11-13 23:29 51,968 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\gt72ubus.sys
2008-10-09 15:16 . 2007-11-13 23:29 8,064 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\gtptser.sys
2008-10-09 12:45 . 2008-10-09 12:45 <REP> d-------- C:\Documents and Settings\Michèle\Application Data\Spyware Terminator
2008-10-08 22:49 . 2008-10-08 22:49 <REP> d-------- C:\Icon 225 pilotes
2008-10-08 16:18 . 2008-10-08 16:18 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom(2)
2008-10-08 11:28 . 2008-10-08 11:28 <REP> d-------- C:\Program Files\Orange
2008-10-08 11:25 . 2008-10-08 11:25 <REP> d-------- C:\Program Files\CardDetector
2008-10-06 09:24 . 2008-10-06 09:24 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Malwarebytes
2008-10-06 09:24 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-06 09:23 . 2008-10-06 09:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 09:23 . 2008-10-06 09:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 09:23 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-05 10:54 . 2008-10-05 10:54 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-05 10:54 . 2008-10-05 10:54 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Spyware Terminator
2008-10-05 10:54 . 2008-10-05 10:54 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-10-04 17:35 . 2008-10-04 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-23 11:51 . 2008-09-23 11:51 <REP> d--hs---- C:\FOUND.000
2008-09-01 10:56 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2008-09-01 10:56 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbser.sys
2008-09-01 10:55 . 2008-09-01 10:55 0 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-01 10:55 . 2008-09-01 10:55 0 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\Msft_Kernel_ccdcmb_01005.Wdf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\SYSTEM32\WIN32K.SYS
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-05 22:30 952,360 ------w C:\WINDOWS\SYSTEM32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w C:\WINDOWS\SYSTEM32\dllcache\wgaLogon.dll
2008-08-31 20:56 79,304 ----a-w C:\Documents and Settings\Denis\Application Data\GDIPFONTCACHEV1.DAT
2008-08-31 20:56 --------- d-----w C:\Documents and Settings\Denis\Application Data\LEA
2008-08-31 20:55 --------- d-----w C:\Program Files\WinPcap
2008-08-31 20:55 --------- d-----w C:\Program Files\LEA
2008-08-31 20:55 --------- d-----w C:\Documents and Settings\Denis\Application Data\SoftPlug
2008-08-31 13:19 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-08-31 13:17 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-18 19:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2008-02-28 13:07 75,416 ----a-w C:\Documents and Settings\Michèle\Application Data\GDIPFONTCACHEV1.DAT
2007-07-09 14:56 115 ----a-w C:\Documents and Settings\Michèle\Application Data\fusioncache.dat
2005-11-13 18:45 113 ----a-w C:\Documents and Settings\Denis\Application Data\fusioncache.dat
2005-02-23 06:40 20,480 ----a-w C:\Program Files\Fichiers communs\UninstallDrv.exe
2002-03-21 16:57 271 --sh--w C:\Program Files\desktop.ini
2002-03-21 16:57 23,506 ---h--w C:\Program Files\folder.htt
2002-01-06 00:40 1,789,440 ----a-w C:\Documents and Settings\Denis\FunMagic.exe
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\INF\Agfa\message.exe
1999-01-10 11:00 34,816 ----a-w C:\Documents and Settings\Denis\Dlportio.dll
1999-01-10 11:00 3,584 ----a-w C:\Documents and Settings\Denis\Dlportio.sys
1997-11-18 10:48 80,896 ----a-w C:\Documents and Settings\Denis\WINSCARD.DLL
2008-06-19 15:40 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2008-06-19 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-23 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-11 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-05 1783808]
"CardDetectorICON225"="C:\Program Files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 278528]
"Tweak UI"="TWEAKUI.CPL" [2001-02-21 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\SYSTEM32\bthprops.cpl]
C:\Documents and Settings\Michèle\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2003-03-09 65588]
C:\Documents and Settings\Denis\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2003-03-09 65588]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-12-26 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.VDOM"= vdowave.drv
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"VCDPlayer"="C:\Program Files\VirtualCD3\VCDPlayer.exe" /notool
"SoundMan"=SOUNDMAN.EXE
"UFD Monitor"=C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
"UFD Utility"=C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"LoadQM"=loadqm.exe
"NsUpdate"=C:\WINDOWS\NsUpdate.exe UPDATE
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"WebRebates0"="C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
"IST Service"=C:\Program Files\ISTsvc\istsvc.exe
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe"
"autoclk"=autoclk.exe
"POINTER"=point32.exe
"Trickler"="c:\windows\temp\trickler_bic_gatordm_4010.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\i-Media\\ims.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\EPSON\\EBAPI\\eEBAgent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\eMule\\emule.exe"=
"C:\\Cardsharing\\seca-irdeto-server-client\\tcpcardserver.exe"=
"C:\\Cardsharing\\MoscpheoTurbo_3_1_2\\MoscpheoTurbo_3_1_2\\MoscpheoTurbo.exe"=
"C:\\cardserver\\cardserver.exe"=
"C:\\Cardsharing\\ShareMax4[1].49Beta\\ShareMax.exe"=
"C:\\Cardsharing\\Crypto_Emulator_v7_9\\Crypto Emulator.exe"=
"C:\\Cardsharing\\Humax-cardsharing\\Humax-cardsharing\\cw105.exe"=
"C:\\Cardsharing\\Moscpheo Client-serveur\\Serveur\\MoscpheoTurbo.exe"=
"C:\\Cardsharing\\Jojo\\CS\\CS\\newcs.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Cardsharing\\Jojo\\CWserver203\\CW203.exe"=
"C:\\Cardsharing\\CWserver203\\CW203.exe"=
"C:\\Cardsharing\\xcwdaemon5a\\xCWDaemon.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\adslTV\\adslTV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-05 141312]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [1999-01-10 3584]
S3 AF05BDA;AF9005 BDA Device;C:\WINDOWS\system32\drivers\AF05BDA.sys [2006-03-02 133504]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327168]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 INFUSB;INFUSB;C:\WINDOWS\system32\drivers\infusb.sys [2002-09-30 11520]
S3 SiBulk;SiBulk;C:\WINDOWS\system32\drivers\smartwi.sys [2005-02-07 46208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{424bb925-957d-11dd-80a5-00508d47e8fe}]
\Shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a50cc8-529e-11da-8e56-00508d47e8fe}]
\Shell\AutoRun\command - K:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\Planificateur pour la collecte de données PCHealth.job
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-wqcekks - c:\documents and settings\denis\application data\wqcekks.exe
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-BlazeServoTool - C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Local Page = \blank.htm
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\SYSTEM\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
C:\WINDOWS\Downloaded Program Files\teleir_cert.osd
O16 -: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Chat.osd
O16 -: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab
C:\WINDOWS\Downloaded Program Files\mannequin.dll
O16 -: {6DB731A3-B074-4118-8B1C-32511C65D836} - hxxp://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
C:\WINDOWS\Downloaded Program Files\fpu.inf
C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\ccrpftv6.ocx
C:\WINDOWS\system32\XceedFtp.dll
C:\WINDOWS\Downloaded Program Files\fpu.ocx
O16 -: {826287F8-454E-11D9-ADFE-00062919A34C} - hxxp://express.foto.com/activeX/newUploadFotoCom.CAB
C:\WINDOWS\Downloaded Program Files\newUploadFotoCom.INF
C:\WINDOWS\system32\WS2_32.DLL
C:\WINDOWS\system32\MSSTKPRP.DLL
C:\WINDOWS\system32\MSPRPFR.DLL
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\VB6FR.DLL
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\fotocom.ico
C:\WINDOWS\system32\STDFTFR.DLL
C:\WINDOWS\system32\MSSTDFMT.DLL
C:\WINDOWS\system32\DPDlg.ocx
C:\WINDOWS\system32\WINSKFR.DLL
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\CMDLGFR.DLL
C:\WINDOWS\system32\COMDLG32.OCX
C:\WINDOWS\system32\MSCMCFR.DLL
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\WINDOWS\system32\RsaCrypt.dll
C:\WINDOWS\Downloaded Program Files\newUploadFotoCom.ocx
O16 -: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} - hxxp://cabs.rte.fr/RteDataTableMFC.cab
C:\WINDOWS\Downloaded Program Files\RteDataTable.inf
C:\WINDOWS\SYSTEM32\msvcrt.dll
C:\WINDOWS\SYSTEM32\mfc42.dll
C:\WINDOWS\SYSTEM32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\RteDataTable.ocx
O16 -: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} - hxxp://cabs.rte.fr/RteAllCabsMFC.cab
C:\WINDOWS\Downloaded Program Files\RteAllCabs.inf
C:\WINDOWS\SYSTEM32\msvcrt.dll
C:\WINDOWS\SYSTEM32\mfc42.dll
C:\WINDOWS\SYSTEM32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\RteTiffX.ocx
C:\WINDOWS\Downloaded Program Files\RteDataTable.ocx
C:\WINDOWS\Downloaded Program Files\RteDoc.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 19:39:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\EEBSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\EEBAGENT.EXE
C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTS~2.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 19:42:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-30 18:42:00
Avant-CF: 13 007 650 816 octets libres
Après-CF: 14,017,560,576 octets libres
368 --- E O F --- 2008-10-27 16:08:45
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-18 19:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2008-02-28 13:07 75,416 ----a-w C:\Documents and Settings\Michèle\Application Data\GDIPFONTCACHEV1.DAT
2007-07-09 14:56 115 ----a-w C:\Documents and Settings\Michèle\Application Data\fusioncache.dat
2005-11-13 18:45 113 ----a-w C:\Documents and Settings\Denis\Application Data\fusioncache.dat
2005-02-23 06:40 20,480 ----a-w C:\Program Files\Fichiers communs\UninstallDrv.exe
2002-03-21 16:57 271 --sh--w C:\Program Files\desktop.ini
2002-03-21 16:57 23,506 ---h--w C:\Program Files\folder.htt
2002-01-06 00:40 1,789,440 ----a-w C:\Documents and Settings\Denis\FunMagic.exe
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\INF\Agfa\message.exe
1999-01-10 11:00 34,816 ----a-w C:\Documents and Settings\Denis\Dlportio.dll
1999-01-10 11:00 3,584 ----a-w C:\Documents and Settings\Denis\Dlportio.sys
1997-11-18 10:48 80,896 ----a-w C:\Documents and Settings\Denis\WINSCARD.DLL
2008-06-19 15:40 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2008-06-19 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-23 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-11 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-05 1783808]
"CardDetectorICON225"="C:\Program Files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 278528]
"Tweak UI"="TWEAKUI.CPL" [2001-02-21 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\SYSTEM32\bthprops.cpl]
C:\Documents and Settings\Michèle\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2003-03-09 65588]
C:\Documents and Settings\Denis\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2003-03-09 65588]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-12-26 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.VDOM"= vdowave.drv
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"VCDPlayer"="C:\Program Files\VirtualCD3\VCDPlayer.exe" /notool
"SoundMan"=SOUNDMAN.EXE
"UFD Monitor"=C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
"UFD Utility"=C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"LoadQM"=loadqm.exe
"NsUpdate"=C:\WINDOWS\NsUpdate.exe UPDATE
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"WebRebates0"="C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
"IST Service"=C:\Program Files\ISTsvc\istsvc.exe
"Internet Optimizer"="C:\Program Files\Internet Optimizer\optimize.exe"
"autoclk"=autoclk.exe
"POINTER"=point32.exe
"Trickler"="c:\windows\temp\trickler_bic_gatordm_4010.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\i-Media\\ims.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\EPSON\\EBAPI\\eEBAgent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\eMule\\emule.exe"=
"C:\\Cardsharing\\seca-irdeto-server-client\\tcpcardserver.exe"=
"C:\\Cardsharing\\MoscpheoTurbo_3_1_2\\MoscpheoTurbo_3_1_2\\MoscpheoTurbo.exe"=
"C:\\cardserver\\cardserver.exe"=
"C:\\Cardsharing\\ShareMax4[1].49Beta\\ShareMax.exe"=
"C:\\Cardsharing\\Crypto_Emulator_v7_9\\Crypto Emulator.exe"=
"C:\\Cardsharing\\Humax-cardsharing\\Humax-cardsharing\\cw105.exe"=
"C:\\Cardsharing\\Moscpheo Client-serveur\\Serveur\\MoscpheoTurbo.exe"=
"C:\\Cardsharing\\Jojo\\CS\\CS\\newcs.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Cardsharing\\Jojo\\CWserver203\\CW203.exe"=
"C:\\Cardsharing\\CWserver203\\CW203.exe"=
"C:\\Cardsharing\\xcwdaemon5a\\xCWDaemon.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\adslTV\\adslTV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-05 141312]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [1999-01-10 3584]
S3 AF05BDA;AF9005 BDA Device;C:\WINDOWS\system32\drivers\AF05BDA.sys [2006-03-02 133504]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327168]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 INFUSB;INFUSB;C:\WINDOWS\system32\drivers\infusb.sys [2002-09-30 11520]
S3 SiBulk;SiBulk;C:\WINDOWS\system32\drivers\smartwi.sys [2005-02-07 46208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{424bb925-957d-11dd-80a5-00508d47e8fe}]
\Shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a50cc8-529e-11da-8e56-00508d47e8fe}]
\Shell\AutoRun\command - K:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\Planificateur pour la collecte de données PCHealth.job
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-wqcekks - c:\documents and settings\denis\application data\wqcekks.exe
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-BlazeServoTool - C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Local Page = \blank.htm
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\SYSTEM\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
C:\WINDOWS\Downloaded Program Files\teleir_cert.osd
O16 -: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Chat.osd
O16 -: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} - hxxp://mannequin.redoute.fr/activex/Mannequin.cab
C:\WINDOWS\Downloaded Program Files\mannequin.dll
O16 -: {6DB731A3-B074-4118-8B1C-32511C65D836} - hxxp://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
C:\WINDOWS\Downloaded Program Files\fpu.inf
C:\WINDOWS\system32\msvbvm60.dll
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\ccrpftv6.ocx
C:\WINDOWS\system32\XceedFtp.dll
C:\WINDOWS\Downloaded Program Files\fpu.ocx
O16 -: {826287F8-454E-11D9-ADFE-00062919A34C} - hxxp://express.foto.com/activeX/newUploadFotoCom.CAB
C:\WINDOWS\Downloaded Program Files\newUploadFotoCom.INF
C:\WINDOWS\system32\WS2_32.DLL
C:\WINDOWS\system32\MSSTKPRP.DLL
C:\WINDOWS\system32\MSPRPFR.DLL
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\VB6FR.DLL
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\fotocom.ico
C:\WINDOWS\system32\STDFTFR.DLL
C:\WINDOWS\system32\MSSTDFMT.DLL
C:\WINDOWS\system32\DPDlg.ocx
C:\WINDOWS\system32\WINSKFR.DLL
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\CMDLGFR.DLL
C:\WINDOWS\system32\COMDLG32.OCX
C:\WINDOWS\system32\MSCMCFR.DLL
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\WINDOWS\system32\RsaCrypt.dll
C:\WINDOWS\Downloaded Program Files\newUploadFotoCom.ocx
O16 -: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} - hxxp://cabs.rte.fr/RteDataTableMFC.cab
C:\WINDOWS\Downloaded Program Files\RteDataTable.inf
C:\WINDOWS\SYSTEM32\msvcrt.dll
C:\WINDOWS\SYSTEM32\mfc42.dll
C:\WINDOWS\SYSTEM32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\RteDataTable.ocx
O16 -: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} - hxxp://cabs.rte.fr/RteAllCabsMFC.cab
C:\WINDOWS\Downloaded Program Files\RteAllCabs.inf
C:\WINDOWS\SYSTEM32\msvcrt.dll
C:\WINDOWS\SYSTEM32\mfc42.dll
C:\WINDOWS\SYSTEM32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\RteTiffX.ocx
C:\WINDOWS\Downloaded Program Files\RteDataTable.ocx
C:\WINDOWS\Downloaded Program Files\RteDoc.ocx
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 19:39:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\EEBSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\EEBAGENT.EXE
C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTS~2.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 19:42:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-30 18:42:00
Avant-CF: 13 007 650 816 octets libres
Après-CF: 14,017,560,576 octets libres
368 --- E O F --- 2008-10-27 16:08:45
Destrio5
30 Oct. 2008 at 20:43
---> Try Navilog1 again.
Destrio5
30 Oct. 2008 at 20:59
---> Download Toolbar S&D (Team IDN) to your Desktop.
* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
ToolBar S&D report
-----------\\ ToolBar S&D 1.2.4 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Denis ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
Firewall : Norton Internet Worm Protection 2005 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:76 Go (Free:13 Go)
D:\ (USB)
E:\ (USB)
F:\ (CD or DVD)
H:\ (CD or DVD)
P:\ (USB)
Q:\ (USB)
R:\ (USB)
"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 30/10/2008|21:11 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="\\blank.htm"
"Start Page"="about:blank"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"SearchAssistant"="http://searchbar.findthewebsiteyouneed.com/"
"Update_Check_Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update"
"Search Bar"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fsearch%2flobby%2fsearch.asp%3f"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack.rar
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack\Nod32 v2.50.41 Francais Et Crack
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack\Nod32 v2.50.41 Francais Et Crack\Install_Nod32_V2.50.41_FRANCAIS_README.txt
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack\Nod32 v2.50.41 Francais Et Crack\Nod32 Server Free Updates.txt
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack\Nod32 v2.50.41 Francais Et Crack\Nod32 v2.50 FRENCH.exe
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack\Nod32 v2.50.41 Francais Et Crack\NOD32 v2.50.25 Crack_a tester apres FIX si marche pas
C:\DOCUME~1\DENIS\Bureau\NOD32 + crack\Nod32 v2[1][1][1].50.41 Francais Et Crack\Nod32 v2.50.41 Francais Et Crack\NOD32 v2.50.25 Crack_a tester apres FIX si marche pas\readme.html
1 - "C:\ToolBar SD\TB_1.txt" - 30/10/2008|21:12 - Option : [1]
-----------\\ Fin du rapport a 21:12:32,64
Destrio5
30 Oct. 2008 at 21:42
/!\ Only denisdoc may follow this procedure /!\
1/
---> Click Start, Run, type notepad and click OK.
---> Copy the text below by selecting it, then press Ctrl+C:
KillAll::
File::
C:\WINDOWS\NsUpdate.exe
c:\windows\temp\trickler_bic_gatordm_4010.exe
Folder::
C:\PROGRAM FILES\WEB_REBATES\
C:\PROGRA~1\MYWEBS~1\
C:\Program Files\ISTsvc\
C:\Program Files\Internet Optimizer\
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"NsUpdate"=-
"WebRebates0"=-
"MyWebSearch Email Plugin"=-
"IST Service"=-
"Internet Optimizer"=-
"Trickler"=-
---> Paste the selection into Notepad
---> Save this file to the Desktop (mandatory)
---> File name: CFScript
---> File type: All files
---> Click Save
---> Close Notepad
2/
---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
* A blue window will appear: accept the message that is displayed.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post it
* If the file does not open, it can be found here: C:\ComboFix.txt
ComboFix 08-10-30.09 - Denis 2008-10-30 21:53:36.2 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.241 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Denis\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Denis\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\NsUpdate.exe
c:\windows\temp\trickler_bic_gatordm_4010.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 21:10 . 2008-10-30 21:10 <REP> d-------- C:\ToolBar SD
2008-10-30 19:09 . 2008-10-30 19:09 <REP> d-------- C:\Documents and Settings\Enfants\Application Data\Spyware Terminator
2008-10-30 11:05 . 2008-10-30 11:05 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Grisoft
2008-10-30 11:05 . 2008-10-30 11:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-30 11:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-10-30 01:14 . 2008-10-30 01:14 <REP> d-------- C:\Navipromo
2008-10-30 00:14 . 2008-10-30 00:14 <REP> d-------- C:\rsit
2008-10-30 00:04 . 2008-10-30 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GARMIN
2008-10-30 00:03 . 2008-10-30 00:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-29 22:15 . 2008-10-29 22:15 <REP> d-------- C:\Program Files\Navilog1
2008-10-28 16:25 . 2008-10-28 16:25 <REP> d-------- C:\Intel
2008-10-28 13:58 . 2008-10-28 13:58 <REP> d-------- C:\carte mère GIGABYTE GA-8IPE1000-G
2008-10-27 17:08 . 2008-10-27 17:08 142 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
2008-10-24 12:22 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\SYSTEM32\dllcache\netapi32.dll
2008-10-23 19:00 . 2008-10-23 19:01 <REP> d-------- C:\Program Files\Trend Micro
2008-10-16 12:33 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
2008-10-16 12:33 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlmp.exe
2008-10-16 12:33 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
2008-10-16 12:33 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\SYSTEM32\dllcache\ntkrpamp.exe
2008-10-15 20:44 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\SYSTEM32\dllcache\srv.sys
2008-10-15 20:39 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-10-14 05:34 . 2008-10-14 05:34 <REP> d--hs---- C:\FOUND.001
2008-10-12 15:36 . 2008-10-12 22:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-09 15:25 . 2008-10-09 15:25 62,895 --a------ C:\FT_Splash.img
2008-10-09 15:16 . 2007-11-13 23:29 95,744 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\Gt51Ip.sys
2008-10-09 15:16 . 2007-11-13 23:29 51,968 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\gt72ubus.sys
2008-10-09 15:16 . 2007-11-13 23:29 8,064 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\gtptser.sys
2008-10-09 12:45 . 2008-10-09 12:45 <REP> d-------- C:\Documents and Settings\Michèle\Application Data\Spyware Terminator
2008-10-08 22:49 . 2008-10-08 22:49 <REP> d-------- C:\Icon 225 pilotes
2008-10-08 16:18 . 2008-10-08 16:18 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom(2)
2008-10-08 11:28 . 2008-10-08 11:28 <REP> d-------- C:\Program Files\Orange
2008-10-08 11:25 . 2008-10-08 11:25 <REP> d-------- C:\Program Files\CardDetector
2008-10-06 09:24 . 2008-10-06 09:24 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Malwarebytes
2008-10-06 09:24 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-06 09:23 . 2008-10-06 09:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 09:23 . 2008-10-06 09:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 09:23 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-05 10:54 . 2008-10-05 10:54 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-05 10:54 . 2008-10-05 10:54 <REP> d-------- C:\Documents and Settings\Denis\Application Data\Spyware Terminator
2008-10-05 10:54 . 2008-10-05 10:54 141,312 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys
2008-10-04 17:35 . 2008-10-04 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-23 11:51 . 2008-09-23 11:51 <REP> d--hs---- C:\FOUND.000
2008-09-01 10:56 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
2008-09-01 10:56 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbser.sys
2008-09-01 10:55 . 2008-09-01 10:55 0 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-01 10:55 . 2008-09-01 10:55 0 --ah----- C:\WINDOWS\SYSTEM32\DRIVERS\Msft_Kernel_ccdcmb_01005.Wdf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\SYSTEM32\WIN32K.SYS
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-05 22:30 952,360 ------w C:\WINDOWS\SYSTEM32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w C:\WINDOWS\SYSTEM32\dllcache\wgaLogon.dll
2008-08-31 20:56 79,304 ----a-w C:\Documents and Settings\Denis\Application Data\GDIPFONTCACHEV1.DAT
2008-08-31 20:56 --------- d-----w C:\Documents and Settings\Denis\Application Data\LEA
2008-08-31 20:55 --------- d-----w C:\Program Files\WinPcap
2008-08-31 20:55 --------- d-----w C:\Program Files\LEA
2008-08-31 20:55 --------- d-----w C:\Documents and Settings\Denis\Application Data\SoftPlug
2008-08-31 13:19 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-08-31 13:17 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\SYSTEM32\dllcache\afd.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-18 19:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\SYSTEM32\dllcache\es.dll
2008-02-28 13:07 75,416 ----a-w C:\Documents and Settings\Michèle\Application Data\GDIPFONTCACHEV1.DAT
2007-07-09 14:56 115 ----a-w C:\Documents and Settings\Michèle\Application Data\fusioncache.dat
2005-11-13 18:45 113 ----a-w C:\Documents and Settings\Denis\Application Data\fusioncache.dat
2005-02-23 06:40 20,480 ----a-w C:\Program Files\Fichiers communs\UninstallDrv.exe
2002-03-21 16:57 271 --sh--w C:\Program Files\desktop.ini
2002-03-21 16:57 23,506 ---h--w C:\Program Files\folder.htt
2002-01-06 00:40 1,789,440 ----a-w C:\Documents and Settings\Denis\FunMagic.exe
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\INF\Agfa\message.exe
1999-01-10 11:00 34,816 ----a-w C:\Documents and Settings\Denis\Dlportio.dll
1999-01-10 11:00 3,584 ----a-w C:\Documents and Settings\Denis\Dlportio.sys
1997-11-18 10:48 80,896 ----a-w C:\Documents and Settings\Denis\WINSCARD.DLL
2008-06-19 15:40 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008061920080620\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-30_19.41.32.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-30 18:39:04 4,947,968 ------w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-30 20:57:58 4,947,968 ------w C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [2008-06-19 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-23 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-11 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-05 1783808]
"CardDetectorICON225"="C:\Program Files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 278528]
"Tweak UI"="TWEAKUI.CPL" [2001-02-21 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\SYSTEM32\bthprops.cpl]
C:\Documents and Settings\Michèle\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2003-03-09 65588]
C:\Documents and Settings\Denis\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2003-03-09 65588]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-12-26 131584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.VDOM"= vdowave.drv
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"VCDPlayer"="C:\Program Files\VirtualCD3\VCDPlayer.exe" /notool
"SoundMan"=SOUNDMAN.EXE
"UFD Monitor"=C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
"UFD Utility"=C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"LoadQM"=loadqm.exe
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"autoclk"=autoclk.exe
"POINTER"=point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\i-Media\\ims.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\EPSON\\EBAPI\\eEBAgent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\eMule\\emule.exe"=
"C:\\Cardsharing\\seca-irdeto-server-client\\tcpcardserver.exe"=
"C:\\Cardsharing\\MoscpheoTurbo_3_1_2\\MoscpheoTurbo_3_1_2\\MoscpheoTurbo.exe"=
"C:\\cardserver\\cardserver.exe"=
"C:\\Cardsharing\\ShareMax4[1].49Beta\\ShareMax.exe"=
"C:\\Cardsharing\\Crypto_Emulator_v7_9\\Crypto Emulator.exe"=
"C:\\Cardsharing\\Humax-cardsharing\\Humax-cardsharing\\cw105.exe"=
"C:\\Cardsharing\\Moscpheo Client-serveur\\Serveur\\MoscpheoTurbo.exe"=
"C:\\Cardsharing\\Jojo\\CS\\CS\\newcs.exe"=
"C:\\WINDOWS\\System32\\rtcshare.exe"=
"C:\\Cardsharing\\Jojo\\CWserver203\\CW203.exe"=
"C:\\Cardsharing\\CWserver203\\CW203.exe"=
"C:\\Cardsharing\\xcwdaemon5a\\xCWDaemon.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=
"C:\\Program Files\\adslTV\\adslTV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-10-05 141312]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS [1999-01-10 3584]
S3 AF05BDA;AF9005 BDA Device;C:\WINDOWS\system32\drivers\AF05BDA.sys [2006-03-02 133504]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327168]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 INFUSB;INFUSB;C:\WINDOWS\system32\drivers\infusb.sys [2002-09-30 11520]
S3 SiBulk;SiBulk;C:\WINDOWS\system32\drivers\smartwi.sys [2005-02-07 46208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{424bb925-957d-11dd-80a5-00508d47e8fe}]
\Shell\AutoRun\command - G:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a50cc8-529e-11da-8e56-00508d47e8fe}]
\Shell\AutoRun\command - K:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contenu du dossier 'Tâches planifiées'
2008-10-30 C:\WINDOWS\Tasks\Planificateur pour la collecte de données PCHealth.job
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 21:58:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\EEBSVC.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\EPSON\EBAPI\EEBAGENT.EXE
C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTS~2.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 22:03:46 - La machine a redémarré [Denis]
ComboFix-quarantined-files.txt 2008-10-30 21:03:40
ComboFix2.txt 2008-10-30 18:42:08
Avant-CF: 13,980,663,808 octets libres
Après-CF: 13,996,032,000 octets libres
278 --- E O F --- 2008-10-27 16:08:45
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Heure de fin: 2008-10-30 22:03:46 - La machine a redémarré [Denis]
ComboFix-quarantined-files.txt 2008-10-30 21:03:40
ComboFix2.txt 2008-10-30 18:42:08
Avant-CF: 13,980,663,808 octets libres
Après-CF: 13,996,032,000 octets libres
278 --- E O F --- 2008-10-27 16:08:45
Destrio5
30 Oct. 2008 at 22:23
--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Run the installation with the default settings.
--> Connect your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them.
--> Double-click the UsbFix shortcut on your Desktop.
--> The PC will restart.
--> After the restart, post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm.)
-------------- UsbFix V2.395 ---------------
* User : Denis - GOUPILDE
* Outils mis a jours le 27/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 22:31:42 le 30/10/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\DOCUME~1\Denis\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
G: - Lecteur amovible
I: - Lecteur amovible
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
type32 REG_SZ "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint REG_SZ "C:\Program Files\Microsoft IntelliPoint\point32.exe"
Tweak UI REG_SZ RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
nod32kui REG_SZ "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
CardDetectorICON225 REG_SZ C:\Program Files\CardDetector\ICON225\CardDetector.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr REG_SZ "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PC Suite Tray REG_SZ "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424bb925-957d-11dd-80a5-00508d47e8fe}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\denis\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424bb925-957d-11dd-80a5-00508d47e8fe}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1659004503-616249376-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{424bb925-957d-11dd-80a5-00508d47e8fe}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86a50cc8-529e-11da-8e56-00508d47e8fe}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\denis\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86a50cc8-529e-11da-8e56-00508d47e8fe}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-1659004503-616249376-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86a50cc8-529e-11da-8e56-00508d47e8fe}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Echec de la supression !! - G:\VB6FR.DLL
--------------- ! Fin du rapport ! ----------------
I removed VB6FR.DLL by hand: it was an empty folder.
After some time surfing the net, no unwanted pop-up windows!!!
I think you did one heck of a cleanup on my machine.
Destrio5
30 Oct. 2008 at 23:06
VB6FR.DLL ---> It's a file, not a folder.
Destrio5
31 Oct. 2008 at 17:02
---> Uninstall UsbFix.
---> Post a new HijackThis report.
UsbFix uninstalled
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:20, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PREAT IE LightFrame - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\SYSTEM32\LightFrameIECOM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Destrio5 (Moderator)
31 Oct 2008 at 22:52
---> Update Java:
https://www.java.com/fr/download/manual.jsp
---> Run HijackThis again and choose Do a system scan only
---> Tick the boxes in front of the following lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
---> Restart your PC and post a new HijackThis report.
Java updated
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19:39, on 01/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PREAT IE LightFrame - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\SYSTEM32\LightFrameIECOM.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe