Infected PC (Avast is not a valid Win32 app
rastarocketer - Posts: 3 - Status: Member
jlpjlp - Posts: 52399 - Status: Security contributor
Hello,
Thanks to those who will take a little time to read me....
So here it is: I must have infected my machine with a download, because Avast no longer opens and tells me: is not a valid Win32 application.
What's more, the Flash 8 and Dreamweaver programs no longer open,
and also the links received by e-mail open the browser, but it displays nothing...
Actually, I downloaded a program to make wallpapers, but it worked in the background and then nothing more...
I followed the advice I read on the net and installed ComboFix.
Here is the report... If someone can help me.
Many thanks in advance
ComboFix 08-11-14.01 - m 2008-11-16 13:28:13.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1733 [GMT 1:00]
Commutateurs utilisés :: c:\documents and settings\m\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\m\Application Data\addon.dat
c:\documents and settings\m\Application Data\m
c:\documents and settings\m\Application Data\m\flec006.exe
c:\documents and settings\m\Application Data\m\shared\2003 FasterInternet PRO 1.0.zip
c:\documents and settings\m\Application Data\m\shared\3DM_Export_for_Solid_Edge_1.0.zip
c:\documents and settings\m\Application Data\m\shared\8BallClub_Online_Billiards_1.zip
c:\documents and settings\m\Application Data\m\shared\A-one_DVD_to_3GP_Ripper_6.40.zip
c:\documents and settings\m\Application Data\m\shared\A.M.L. - Full Edition
c:\documents and settings\m\Application Data\m\shared\Acala_DVD_to_Pocket_PC_Movie_2.4.2.zip
c:\documents and settings\m\Application Data\m\shared\Advanced_RSS_Mixer_Professional_3.1.58.zip
c:\documents and settings\m\Application Data\m\shared\Amic_Video_Converter_2.0_Cracked.zip
c:\documents and settings\m\Application Data\m\shared\Another IE Popup Killer 2.00.zip
c:\documents and settings\m\Application Data\m\shared\Art of Sargent Screensaver.zip
c:\documents and settings\m\Application Data\m\shared\Audio_File_Converter_1.0.zip
c:\documents and settings\m\Application Data\m\shared\AVIFrate_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Balloon_Browser_0.4.2.zip
c:\documents and settings\m\Application Data\m\shared\Battlefield_Vietnam_Dawn_of_Fate_Map_Pack.zip
c:\documents and settings\m\Application Data\m\shared\BazaarBuilder 4.0.zip
c:\documents and settings\m\Application Data\m\shared\Better_Gmail_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Binary_File_Splitter_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Brilliant Database Professional 7.1.zip
c:\documents and settings\m\Application Data\m\shared\Build-in_RSS_Client_1.0.2.294_[Serial].zip
c:\documents and settings\m\Application Data\m\shared\Ccy_Wallpaper_Changer_Pro_2.2.2_[With_Crack].zip
c:\documents and settings\m\Application Data\m\shared\Chameleon_Calendar_1.0_[Key].zip
c:\documents and settings\m\Application Data\m\shared\Check_Favorites_1.7_[Key+Serial].zip
c:\documents and settings\m\Application Data\m\shared\Chord_Alchemy_3.3.zip
c:\documents and settings\m\Application Data\m\shared\Clock XP 2003 20.3.zip
c:\documents and settings\m\Application Data\m\shared\CoderForm_3.0.zip
c:\documents and settings\m\Application Data\m\shared\CompactCharge 2.0.zip
c:\documents and settings\m\Application Data\m\shared\CoolWWWSearch SmartKiller MiniRemoval 1.0.zip
c:\documents and settings\m\Application Data\m\shared\DAD'S RECIPE 1.5.zip
c:\documents and settings\m\Application Data\m\shared\Data Protection Software 1.46 (Serial).zip
c:\documents and settings\m\Application Data\m\shared\Displaying
c:\documents and settings\m\Application Data\m\shared\Distribute_Virtual_Disk_Enterprise_1.4_Crack.zip
c:\documents and settings\m\Application Data\m\shared\Emailarchitect Email Server 7.5.zip
c:\documents and settings\m\Application Data\m\shared\EMS_SQL_Manager_2005_for_InterBase_and_Firebird_4.3.zip
c:\documents and settings\m\Application Data\m\shared\Equalizer Recorder 1.0.zip
c:\documents and settings\m\Application Data\m\shared\ESC_LoanCalc_1.2.zip
c:\documents and settings\m\Application Data\m\shared\Exit_Button_Thunderbird_0.5.zip
c:\documents and settings\m\Application Data\m\shared\Export Query to XML for SQL server 1.04.00.zip
c:\documents and settings\m\Application Data\m\shared\ExpressMirror 3.6.1.zip
c:\documents and settings\m\Application Data\m\shared\Fresh_Killed_Beats_1.2.zip
c:\documents and settings\m\Application Data\m\shared\Gathering_Clouds_Screen_Saver_2.0.zip
c:\documents and settings\m\Application Data\m\shared\Ghost MP3 CD Maker 2.0 (KeyGen).zip
c:\documents and settings\m\Application Data\m\shared\Happy Birthday Screensaver.zip
c:\documents and settings\m\Application Data\m\shared\High Visibility Animated Cursors 2.0c.zip
c:\documents and settings\m\Application Data\m\shared\HomeKey 96.5.zip
c:\documents and settings\m\Application Data\m\shared\HR_Control_Centre_5.0.zip
c:\documents and settings\m\Application Data\m\shared\IBFirstAID_Diagnostician_1.9.zip
c:\documents and settings\m\Application Data\m\shared\iControl 1.2.1.zip
c:\documents and settings\m\Application Data\m\shared\ICQ Message Sender 2.1.zip
c:\documents and settings\m\Application Data\m\shared\Infiltration_Recovery_Tool_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Jamail_3.0.1.65.zip
c:\documents and settings\m\Application Data\m\shared\Jupsat screensaver 1.0.zip
c:\documents and settings\m\Application Data\m\shared\Kaspersky.Personal.Security.Suite.+.antispam.+.antihacker.+.keys.2007.zip
c:\documents and settings\m\Application Data\m\shared\Keyhole Spy 1.12.zip
c:\documents and settings\m\Application Data\m\shared\LinearMath (Nokia Series 40) 1.zip
c:\documents and settings\m\Application Data\m\shared\LingvoSoft_Dictionary_2007_English_-_Azerbaijani_4.0.22.zip
c:\documents and settings\m\Application Data\m\shared\localTrezor 1.0.8.zip
c:\documents and settings\m\Application Data\m\shared\Lottoree 6.zip
c:\documents and settings\m\Application Data\m\shared\MB_Free_Birth_Star_1.0.zip
c:\documents and settings\m\Application Data\m\shared\MDK_demo_3.0.zip
c:\documents and settings\m\Application Data\m\shared\MemDB_Barcode_Maker_1.0_(Key+Serial).zip
c:\documents and settings\m\Application Data\m\shared\Mini-Bizz Invoicer 3.0a.zip
c:\documents and settings\m\Application Data\m\shared\MobiRise 3GP Converter 1.10.zip
c:\documents and settings\m\Application Data\m\shared\MP3_EasySplitter_2.14_[Patch].zip
c:\documents and settings\m\Application Data\m\shared\MP3_Recorder_XP_1.9.zip
c:\documents and settings\m\Application Data\m\shared\Network_Drive_Manager_2.4.0.zip
c:\documents and settings\m\Application Data\m\shared\No_Hawkers_-_AntiSpam_1.0.0.2a.zip
c:\documents and settings\m\Application Data\m\shared\NTFS Recovery Wizard 1.7.1.0.zip
c:\documents and settings\m\Application Data\m\shared\NTFSRatio 1.3.0.0.zip
c:\documents and settings\m\Application Data\m\shared\OSDeploy_1.0.2.zip
c:\documents and settings\m\Application Data\m\shared\Page2CHM 2.7a.zip
c:\documents and settings\m\Application Data\m\shared\Paint-By-Grids_3.0.2406.zip
c:\documents and settings\m\Application Data\m\shared\Panda.Titanium.Antivirus.Plus.Antispyware.20065.02.01.Multilanguage.3.WinALL.RETAIL-ARN.zip
c:\documents and settings\m\Application Data\m\shared\Panda_Screensaver_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Panzer_Dragoon_demo.zip
c:\documents and settings\m\Application Data\m\shared\PCS_Backup_Agent_1.0.001.zip
c:\documents and settings\m\Application Data\m\shared\Personal_Antispy_1.3.zip
c:\documents and settings\m\Application Data\m\shared\PhoneB_1.0.2.zip
c:\documents and settings\m\Application Data\m\shared\PixGPS_1.0.2.zip
c:\documents and settings\m\Application Data\m\shared\Pop-Up_Stopper_Professional_1.80.1.zip
c:\documents and settings\m\Application Data\m\shared\PowerPPT2Swf_2.0.0.5_Serial.zip
c:\documents and settings\m\Application Data\m\shared\Privoxy_3.0.5.zip
c:\documents and settings\m\Application Data\m\shared\PsMan 1.0.0.2.zip
c:\documents and settings\m\Application Data\m\shared\QuickFormz_1.0.5.zip
c:\documents and settings\m\Application Data\m\shared\QuickWrite S60 (English - French) 2.2.zip
c:\documents and settings\m\Application Data\m\shared\Reach-a-Mail 2.83.zip
c:\documents and settings\m\Application Data\m\shared\Remedy.FM 2.0.zip
c:\documents and settings\m\Application Data\m\shared\RHPortal 1.0.zip
c:\documents and settings\m\Application Data\m\shared\RocketMouse 99 4.52.zip
c:\documents and settings\m\Application Data\m\shared\SantaClaus_Hat_Icons.zip
c:\documents and settings\m\Application Data\m\shared\Savings_Calculator_1.0.zip
c:\documents and settings\m\Application Data\m\shared\Secret_Caretaker_1.0.1032.27992.zip
c:\documents and settings\m\Application Data\m\shared\SendLater 2.04.0636.zip
c:\documents and settings\m\Application Data\m\shared\ShixxNOTE_Lite_5.home.zip
c:\documents and settings\m\Application Data\m\shared\SimSpeech 1.0.zip
c:\documents and settings\m\Application Data\m\shared\SMS PC text to Mobile 1.01.zip
c:\documents and settings\m\Application Data\m\shared\SoftCare_Overset_Manager_CS2_4.0.zip
c:\documents and settings\m\Application Data\m\shared\Space News 1.0.0.0.zip
c:\documents and settings\m\Application Data\m\shared\SpeedTrace Pro 2.00.zip
c:\documents and settings\m\Application Data\m\shared\St. Croix Live Harbor Cam 1.25.zip
c:\documents and settings\m\Application Data\m\shared\STLport 5.1.4.zip
c:\documents and settings\m\Application Data\m\shared\Sunbelt_Network_Security_Inspector_1.6.57.zip
c:\documents and settings\m\Application Data\m\shared\Sunflowers Screensaver1 1.0.zip
c:\documents and settings\m\Application Data\m\shared\Surf Safe Pilot 1.11.zip
c:\documents and settings\m\Application Data\m\shared\Synapse_1.0.zip
c:\documents and settings\m\Application Data\m\shared\SyncFolders_1.3.zip
c:\documents and settings\m\Application Data\m\shared\TAPI_Modem_ActiveX_1.0_(Crack).zip
c:\documents and settings\m\Application Data\m\shared\Terminal_Server_Console_TSCon_2.7_[Key+Serial].zip
c:\documents and settings\m\Application Data\m\shared\The Space Heater 1.0.zip
c:\documents and settings\m\Application Data\m\shared\The_Complete_Genealogy_Reporter_2008_Build_70808_(Serial).zip
c:\documents and settings\m\Application Data\m\shared\Timesheet Constructor 4.2.zip
c:\documents and settings\m\Application Data\m\shared\TimeWatch1_2.01.zip
c:\documents and settings\m\Application Data\m\shared\Tiny_Dialer_1.2_[Cracked].zip
c:\documents and settings\m\Application Data\m\shared\Tropical_Birds_ScreenSaver_1.0_KeyGen.zip
c:\documents and settings\m\Application Data\m\shared\Unreal Tournament 2003- Dark-Room map.zip
c:\documents and settings\m\Application Data\m\shared\vCard_Wizard_2.21.0080.zip
c:\documents and settings\m\Application Data\m\shared\Video_Randomizer_1.0_KeyGen.zip
c:\documents and settings\m\Application Data\m\shared\View_Source_Choice_0.3.1.zip
c:\documents and settings\m\Application Data\m\shared\VIP Task Manager Standard Edition 3.5.1 Build 523.zip
c:\documents and settings\m\Application Data\m\shared\VSPopUp_1.1.zip
c:\documents and settings\m\Application Data\m\shared\Wallperizer_1.2.1.zip
c:\documents and settings\m\Application Data\m\shared\Warcraft III - Frogger map.zip
c:\documents and settings\m\Application Data\m\shared\Web Security Guard 4.5.0.70.zip
c:\documents and settings\m\Application Data\m\shared\Windows MultiEnhancer 8.7.zip
c:\documents and settings\m\Application Data\m\shared\Windows_Mess_Cleaner_1.00.zip
c:\documents and settings\m\Application Data\m\shared\WinFuture xp-Iso-Builder 3.0.5.zip
c:\documents and settings\m\Application Data\m\shared\WPCREDIT_1.4.zip
c:\documents and settings\m\Application Data\m\shared\XJS for Windows 1.4.zip
c:\documents and settings\m\Application Data\m\shared\Zoekbank Toolbar 1.1.zip
C:\InfoSat.txt
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\103406.exe
c:\windows\system32\drivers\downld\105468.exe
c:\windows\system32\drivers\downld\110890.exe
c:\windows\system32\drivers\downld\118609.exe
c:\windows\system32\drivers\downld\123750.exe
c:\windows\system32\drivers\downld\128062.exe
c:\windows\system32\drivers\downld\138468.exe
c:\windows\system32\drivers\downld\227968.exe
c:\windows\system32\drivers\downld\230218.exe
c:\windows\system32\drivers\downld\249859.exe
c:\windows\system32\drivers\downld\251406.exe
c:\windows\system32\drivers\downld\261078.exe
c:\windows\system32\drivers\downld\267203.exe
c:\windows\system32\drivers\downld\272062.exe
c:\windows\system32\drivers\downld\278265.exe
c:\windows\system32\drivers\downld\282187.exe
c:\windows\system32\drivers\downld\296750.exe
c:\windows\system32\drivers\downld\300281.exe
c:\windows\system32\drivers\downld\307796.exe
c:\windows\system32\drivers\downld\307953.exe
c:\windows\system32\drivers\downld\311265.exe
c:\windows\system32\drivers\downld\312406.exe
c:\windows\system32\drivers\downld\327265.exe
c:\windows\system32\drivers\downld\353265.exe
c:\windows\system32\drivers\downld\358109.exe
c:\windows\system32\drivers\downld\373281.exe
c:\windows\system32\drivers\downld\383125.exe
c:\windows\system32\drivers\downld\390687.exe
c:\windows\system32\drivers\downld\447468.exe
c:\windows\system32\drivers\downld\455843.exe
c:\windows\system32\drivers\downld\469093.exe
c:\windows\system32\drivers\downld\539468.exe
c:\windows\system32\drivers\downld\561875.exe
c:\windows\system32\drivers\downld\72250.exe
c:\windows\system32\drivers\downld\74312.exe
c:\windows\system32\drivers\downld\87671.exe
c:\windows\system32\drivers\downld\93250.exe
c:\windows\system32\drivers\downld\97743734.exe
c:\windows\system32\drivers\downld\97745343.exe
c:\windows\system32\drivers\downld\97758187.exe
c:\windows\system32\drivers\downld\97762890.exe
c:\windows\system32\drivers\downld\97769515.exe
c:\windows\system32\drivers\downld\97778421.exe
c:\windows\system32\drivers\downld\97787843.exe
c:\windows\system32\drivers\downld\99140.exe
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\MSINET.oca
c:\windows\system32\tmp84.tmp
c:\windows\system32\tmp85.tmp
c:\windows\system32\wintems.exe
----- BITS: Il y a peut-être des sites infectés -----
hxxp://designer.extrafilm.fr
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-16 12:53 . 2008-11-16 12:54 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-16 12:53 . 2008-11-16 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-16 07:53 . 2008-11-16 12:25 7,168 --a------ c:\windows\system32\drivers\srosa2.sys
2008-11-13 13:41 . 2008-11-16 11:41 <REP> d-------- c:\program files\Amara - Flash Slide Show Builder
2008-11-13 13:40 . 2008-11-13 19:04 <REP> d-------- c:\program files\Amara - Flash News Ticker
2008-11-13 13:39 . 2008-11-13 19:11 <REP> d-------- c:\program files\Amara - Flash Intro and Banner Builder
2008-11-13 13:28 . 2008-11-13 19:25 <REP> d-------- c:\program files\Amara - Flash Photo Animation Software
2008-11-13 13:26 . 2008-11-16 08:38 <REP> d-------- c:\program files\Amara - Flash Menu Builder
2008-11-12 18:30 . 2008-11-12 18:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Anvsoft
2008-11-12 18:29 . 2008-11-12 18:29 <REP> d-------- c:\program files\Common Files
2008-11-11 11:28 . 2008-11-11 11:28 <REP> d-------- c:\program files\Eltima Software
2008-11-11 04:14 . 2008-11-15 15:40 <REP> d-------- c:\documents and settings\m\Application Data\gtk-2.0
2008-11-10 17:00 . 2008-11-10 17:00 <REP> d-------- c:\program files\SourceTec
2008-11-10 11:13 . 2008-11-11 11:28 125 --a------ c:\windows\fd3.INI
2008-11-10 08:03 . 2008-11-16 11:47 <REP> d-------- c:\program files\Fichiers communs\Macromedia
2008-11-09 18:06 . 2008-11-09 18:06 <REP> d-------- c:\documents and settings\m\Application Data\3DFA
2008-11-09 08:42 . 2008-11-09 08:45 <REP> d-------- c:\program files\Save Flash
2008-11-02 17:07 . 2008-11-11 11:28 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-02 17:07 . 2008-11-02 17:14 67 --a------ c:\windows\iltwain.ini
2008-11-01 15:12 . 2008-11-01 15:12 <REP> d-------- c:\windows\Logs
2008-11-01 12:08 . 2008-11-01 12:09 <REP> d-------- c:\program files\PhotoFiltre Studio
2008-11-01 12:08 . 2008-11-01 12:08 45 ---h----- c:\windows\dsys8990.dat
2008-11-01 12:04 . 2008-11-01 12:04 <REP> d-------- c:\documents and settings\m\.thumbnails
2008-11-01 12:03 . 2008-11-15 15:40 <REP> d-------- c:\documents and settings\m\.gimp-2.6
2008-11-01 12:03 . 2008-11-01 12:03 <REP> d-------- c:\documents and settings\m\.gegl-0.0
2008-11-01 12:02 . 2008-11-01 12:02 <REP> d-------- c:\program files\Gimp-2.0
2008-10-31 17:40 . 2008-11-01 16:15 109 --a------ c:\windows\disney.ini
2008-10-28 19:10 . 2008-10-28 19:10 <REP> d-------- c:\program files\Fichiers communs\Macrovision Shared
2008-10-28 19:10 . 2008-10-28 19:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2008-10-28 19:09 . 2008-10-28 19:09 54,784 --a------ c:\windows\system32\drivers\CDAC11BA.EXE
2008-10-28 19:09 . 2008-10-28 19:09 12,464 --a------ c:\windows\system32\drivers\CdaC15BA.SYS
2008-10-28 18:08 . 2008-10-28 18:08 <REP> d-------- c:\documents and settings\m\Application Data\ExtraFilm
2008-10-28 18:07 . 2008-10-28 18:10 <REP> d-------- c:\program files\Extrafilm Designer FR
2008-10-28 18:07 . 2008-10-28 18:10 <REP> d-------- c:\documents and settings\All Users\Application Data\ExtraFilm
2008-10-28 18:07 . 2008-10-28 18:07 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-10-17 17:18 . 2008-10-17 17:18 <REP> d-------- c:\windows\system32\xlive
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 08:55 --------- d-----w c:\program files\PowerArchiver
2008-11-16 08:33 --------- d-----w c:\program files\eMule
2008-11-12 17:40 --------- d-----w c:\program files\WinFax eXPert
2008-11-12 17:40 --------- d-----w c:\program files\Media Player Classic
2008-11-12 17:40 --------- d-----w c:\program files\LiveUpdate
2008-11-12 17:40 --------- d-----w c:\program files\DMV2007
2008-11-12 17:40 --------- d-----w c:\program files\DivX
2008-11-10 15:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 05:50 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-09 13:23 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-08 07:25 --------- d-----w c:\program files\MSN Messenger
2008-11-08 07:25 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-01 16:29 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-01 16:29 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-01 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-11-01 15:43 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-01 15:43 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-19 14:20 --------- d-----w c:\documents and settings\m\Application Data\Faces
2008-10-08 16:22 --------- d-----w c:\program files\Star Defender 3
2008-10-04 18:39 --------- d-----w c:\documents and settings\m\Application Data\DivX
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-06-21 14:47 24,192 ----a-w c:\documents and settings\m\usbsermptxp.sys
2008-06-21 14:47 22,768 ----a-w c:\documents and settings\m\usbsermpt.sys
2008-06-14 13:55 92,064 ----a-w c:\documents and settings\m\mqdmmdm.sys
2008-06-14 13:55 9,232 ----a-w c:\documents and settings\m\mqdmmdfl.sys
2008-06-14 13:55 79,328 ----a-w c:\documents and settings\m\mqdmserd.sys
2008-06-14 13:55 66,656 ----a-w c:\documents and settings\m\mqdmbus.sys
2008-06-14 13:55 6,208 ----a-w c:\documents and settings\m\mqdmcmnt.sys
2008-06-14 13:55 5,936 ----a-w c:\documents and settings\m\mqdmwhnt.sys
2008-06-14 13:55 4,048 ----a-w c:\documents and settings\m\mqdmcr.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-02-09 6051144]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-08-25 1871872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-11-16 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-16 81000]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2007-02-06 252704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-25 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-09-27 20480]
"Uninstall0001"="c:\program files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" [2008-03-23 57344]
"Uninstall0002"="c:\program files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" [2008-03-24 57344]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
E-Color.lnk - c:\program files\E-Color\Common\IconMgr.exe [2007-04-01 61440]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-03-15 127488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.vp31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^m^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=c:\documents and settings\m\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=c:\windows\pss\Y'z Toolbar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\WinFax eXPert\\WinFax.exe"=
"c:\\Program Files\\WinFax eXPert\\BvrpKrnl.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64432:TCP"= 64432:TCP:eMuleTCP
"44362:UDP"= 44362:UDP:eMuleUDP
"135:TCP"= 135:TCP:Port DCOM (135)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys [2008-11-16 7168]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 BvrpKrnl;BvrpKrnl;c:\program files\WinFax eXPert\BVRPKrnl.exe [2008-04-09 548864]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2008-06-22 42112]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-06-08 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-06-08 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-06-08 109704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\autorun.exe
\Shell\setup\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25474cd2-36f2-11dc-8334-001617925579}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{265a5727-cf08-11db-82a4-001617925579}]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c9d883c-ec37-11db-82db-001617925579}]
\Shell\AutoRun\command - J:\autorun.exe
\Shell\setup\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4caebf61-ce6a-11db-829d-001617925579}]
\Shell\AutoRun\command - H:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec5493e-2d6e-11dc-832f-001617925579}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfd119c2-c860-11db-bfea-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-11-16 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []
2008-11-16 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-LClock - c:\\Program Files\\LClock\\lclock.exe
HKCU-Run-P2kAutostart - (no file)
Notify-AtiExtEvent - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\m\Application Data\Mozilla\Firefox\Profiles\7hedgli1.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.fr/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 13:30:19
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIAudioi\SBADeck\ADeck.exe 1???\ ?|????e:\sound\VIA\vin???|???|?????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa]
.
Heure de fin: 2008-11-16 13:32:14
ComboFix-quarantined-files.txt 2008-11-16 12:32:04
Avant-CF: 1,531,207,680 octets libres
Après-CF: 1,941,454,848 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
429
4 replies
Hi, there is still one left:
c:\windows\system32\drivers\srosa2.sys
Get rid of your cracks, then
to check:
Download FindyKill to your desktop:
--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Run the installer with the default settings
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 1 (Recherche)
--> Post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk
----------------- FindyKill V4.700 ------------------
* User : m - PC-MICHEL
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 13/11/08 par Chiquitine29
* Recherche effectuée à 14:44:50 le 16/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\m\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\105968.EXE-0B7F6E80.pf
Found ! - C:\WINDOWS\prefetch\87671.EXE-1338E1A1.pf
Found ! - C:\WINDOWS\prefetch\93250.EXE-27A9D4BB.pf
Found ! - C:\WINDOWS\prefetch\97758187.EXE-1FBD099F.pf
Found ! - C:\WINDOWS\prefetch\97762890.EXE-2F6B9FE6.pf
Found ! - C:\WINDOWS\prefetch\97778421.EXE-11B15FF0.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-13520BFC.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-00157211.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-05879299.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-00157211.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-05879299.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-26AE8C79.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-26AE8C79.pf
»»»» Presence of files in C:\WINDOWS\system32
»»»» Presence of files in C:\WINDOWS\system32\drivers
Found ! [16/11/2008 12:25] - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Presence of files in C:\Documents and Settings\m\Application Data
»»»» Presence of files in C:\DOCUME~1\m\LOCALS~1\Temp
»»»» Presence of files in C:\Documents and Settings\m\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SoundMan REG_SZ SOUNDMAN.EXE
AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
RaidTool REG_SZ C:\Program Files\VIA\RAID\raid_tool.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
LVCOMSX REG_SZ "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
wcmdmgr REG_SZ C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
Uninstall0001 REG_SZ "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
Uninstall0002 REG_SZ "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Pando REG_SZ "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
NBJ REG_SZ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
--------------- [ Registry / Infectious keys ] ----------------
Found ! - HKEY_USERS\S-1-5-21-746137067-1993962763-725345543-1003\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-746137067-1993962763-725345543-1003\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-746137067-1993962763-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
--------------- [ State / Services ] ----------------
+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]
/!\ Ndisuio - Start type = 4
/!\ Ip6Fw - Start type = 4
SharedAccess - Start type = 2
wuauserv - Start type = 2
wscsvc - Start type = 2
--------------- [ Search on removable media ] ----------------
+- Information :
C: - Fixed drive
F: - Fixed drive
K: - Removable drive
Perfect, it found the remaining Bagles:
Plug the external data sources that may have been infected (USB key, external hard drive, etc.) into your PC, without opening them
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression = removal)
/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" (cleaning done) appears
/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!
-------> then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the drive
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
then
paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Download this
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
run it
post the report and do not delete anything before it has been examined
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:32, on 16/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\m\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{355222FE-F66F-43BD-91A3-1E645AEB5A2A}: NameServer = 80.10.246.1,80.10.246.139
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/...
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimize
That is already very bad
to fix
(delete)
check that nothing else is ticked
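The helper picks the bad O4 lines out of the HijackThis log by eye. The script below does the same triage over HijackThis v2 log lines and is an added example, not code from this thread or from HijackThis itself. Its rules are the ones applied above: an O4 Run entry whose command line carries a hostname (the upd.exe entry calling adverts.virtuagirl.com), an O4 entry on a watchlist of names the helper told the poster to remove (Pando), and an O2 BHO registered to a DLL that no longer exists ("(no file)"); O17 NameServer and O23 services with "Unknown owner" are only reported for verification. The watchlist and the sample log are assumptions: the sample is constructed from lines of the log posted above, and the watchlist is what you would extend with your own findings.

```python
"""Triage of HijackThis v2 log lines, as an added example (not HijackThis code).

Rules: O2 BHO with '(no file)' -> fix; O4 Run entry whose command line carries a
hostname -> fix; O4 Run entry on the watchlist -> fix; O17 NameServer and O23
service with 'Unknown owner' -> verify by hand.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied in shape from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagirl.com!StatsVirtuaGirl
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{355222FE-F66F-43BD-91A3-1E645AEB5A2A}: NameServer = 80.10.246.1,80.10.246.139
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: names the helper told the poster to fix; extend with your own review.
WATCHLIST = {"pando"}

# "O4 - HKLM\..\Run: [name] command" ; other O4 forms (Global Startup) are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Three or more dotted labels ending in an alphabetic TLD, so file names such as
# upd.exe or NvCpl.dll do not match but adverts.virtuagirl.com does.
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\.[a-z]{2,}\b", re.I)


@dataclass
class Finding:
    section: str
    verdict: str  # "fix" or "verify"
    reason: str
    line: str


def parse(log_text):
    """Yield (section, body, full line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m["section"], m["body"], raw.strip()


def triage(log_text, watchlist=WATCHLIST):
    """Apply the triage rules and return the list of findings."""
    findings = []
    for section, body, line in parse(log_text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "fix", "orphaned BHO, registered DLL is missing", line))
        elif section == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            name, cmd = m["name"], m["cmd"]
            host = HOST_RE.search(cmd)
            if host:
                findings.append(Finding(section, "fix", f"startup entry carries hostname {host.group(0)}", line))
            elif name.lower() in watchlist:
                findings.append(Finding(section, "fix", f"'{name}' is on the watchlist", line))
        elif section == "O17":
            findings.append(Finding(section, "verify", "DNS servers must be the ones your ISP gave you", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "verify", "service binary has no publisher", line))
    return findings


def to_fix(log_text, watchlist=WATCHLIST):
    """Return only the lines to tick in HijackThis and fix."""
    return [f.line for f in triage(log_text, watchlist) if f.verdict == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.section}: {f.reason}\n       {f.line}")
```

Run it on a saved hijackthis.log by passing the file contents to triage(); the "verify" findings are not a verdict, they are the two line types a reviewer always reads before ticking anything.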