Précédent
- 1
- 2
- 3
ComboFix 08-11-30.02 - Claude 2008-12-01 17:38:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.494 [GMT 1:00]
Lancé depuis: c:\documents and settings\Claude\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:27 . 2008-12-01 17:27 396,288 --a------ C:\HijackThis.exe
2008-12-01 16:52 . 2008-12-01 16:52 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\program files\Avira
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-01 08:22 . 2008-12-01 14:47 <REP> d-------- C:\Lop SD
2008-11-29 11:52 . 2008-11-29 12:34 <REP> d-------- c:\program files\Navilog1
2008-11-26 22:27 . 2008-11-26 22:27 1,393 --a------ c:\windows\imsins.BAK
2008-11-25 12:48 . 2008-11-25 12:48 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-25 12:18 . 2008-11-25 12:19 <REP> d-------- C:\Inetpub
2008-11-12 17:36 . 2008-11-12 17:36 <REP> d-------- c:\program files\MSXML 4.0
2008-11-11 19:10 . 2008-11-11 19:10 <REP> d-------- c:\program files\Fichiers communs\PCSuite
2008-11-11 19:07 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-11 19:07 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-11 19:07 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-11 19:07 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-11 19:07 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-11 19:07 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 15:54 --------- d-----w c:\program files\Java
2008-12-01 12:29 --------- d-----w c:\documents and settings\Claude\Application Data\gtk-2.0
2008-11-28 11:22 --------- d-----w c:\documents and settings\Claude\Application Data\LimeWire
2008-11-26 08:38 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-25 11:07 --------- d-----w c:\program files\Zylom Games
2008-11-25 11:07 --------- d-----w c:\program files\Generalia Software
2008-11-24 11:26 --------- d-----w c:\program files\Lavasoft
2008-11-24 06:26 90,112 ----a-w c:\windows\DUMP96e1.tmp
2008-11-11 18:10 --------- d-----w c:\program files\Fichiers communs\Nokia
2008-11-11 18:07 --------- d-----w c:\program files\Nokia
2008-11-11 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-11 16:16 --------- d-----w c:\documents and settings\Claude\Application Data\Nokia
2008-11-07 15:03 --------- d-----w c:\documents and settings\Claude\Application Data\AVG7
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:53 --------- d-----w c:\program files\GIMP-2.0
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-14 11:44 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-14 11:44 --------- d-----w c:\program files\DIFX
2008-10-13 16:02 --------- d-----w c:\program files\Windows Live
2008-10-13 06:17 --------- d-----w c:\program files\OXXOGames
2008-10-12 18:00 --------- d-----w c:\program files\SFRWidget
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Favorites
2008-10-12 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-12 14:07 --------- d-----w c:\program files\SDLL
2008-10-12 14:01 --------- d-----w c:\program files\Microsoft Works
2008-10-12 13:59 --------- d-----w c:\program files\Screenseven
2008-10-12 13:55 --------- d-----w c:\program files\Yahoo!
2008-10-12 13:39 --------- d-----w c:\program files\Power IE
2008-10-10 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-09 15:32 --------- d-----w c:\program files\iKlax Media
2008-10-09 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 11:03 --------- d-----w c:\program files\Micro Application
2008-10-07 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-10-07 10:43 --------- d-----w c:\program files\MSXML 6.0
2008-10-07 10:28 --------- d-----w c:\documents and settings\Claude\Application Data\PC Suite
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-03-06 15:48 88 --sh--r c:\windows\system32\EAE8E70877.sys
2008-03-06 16:37 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_14.47.38.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-09 12:04:11 40,768 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 12:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2007-07-18 13:22:19 21,312 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 17:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-11-25 20:22:22 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-12-01 15:40:12 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2007-03-01 09:34:36 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 18:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-11-29 13:41:14 218,065 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-01 16:03:47 218,059 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-01 15:52:18 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-01 15:52:19 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 15:52:19 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 15:59:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_828.dat
+ 2008-12-01 15:59:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a54.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\Malwarebytes' Anti-Malware\catchme.sys []
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys [2006-05-28 18088]
.
Contenu du dossier 'Tâches planifiées'
2005-06-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]
2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{5C79FAFC-5AD7-47BD-882C-49C39D424FDA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVG7\avgw.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Claude\Application Data\Mozilla\Firefox\Profiles\68ic7th5.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\documents and settings\Claude\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:43:31
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1312)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Heure de fin: 2008-12-01 17:45:27
ComboFix-quarantined-files.txt 2008-12-01 16:45:08
ComboFix2.txt 2008-11-29 13:48:46
Avant-CF: 26 422 448 128 octets libres
Après-CF: 26,432,098,304 octets libres
203 --- E O F --- 2008-11-26 21:28:07
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.494 [GMT 1:00]
Lancé depuis: c:\documents and settings\Claude\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:27 . 2008-12-01 17:27 396,288 --a------ C:\HijackThis.exe
2008-12-01 16:52 . 2008-12-01 16:52 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\program files\Avira
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-01 08:22 . 2008-12-01 14:47 <REP> d-------- C:\Lop SD
2008-11-29 11:52 . 2008-11-29 12:34 <REP> d-------- c:\program files\Navilog1
2008-11-26 22:27 . 2008-11-26 22:27 1,393 --a------ c:\windows\imsins.BAK
2008-11-25 12:48 . 2008-11-25 12:48 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-25 12:18 . 2008-11-25 12:19 <REP> d-------- C:\Inetpub
2008-11-12 17:36 . 2008-11-12 17:36 <REP> d-------- c:\program files\MSXML 4.0
2008-11-11 19:10 . 2008-11-11 19:10 <REP> d-------- c:\program files\Fichiers communs\PCSuite
2008-11-11 19:07 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-11 19:07 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-11 19:07 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-11 19:07 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-11 19:07 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-11 19:07 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 15:54 --------- d-----w c:\program files\Java
2008-12-01 12:29 --------- d-----w c:\documents and settings\Claude\Application Data\gtk-2.0
2008-11-28 11:22 --------- d-----w c:\documents and settings\Claude\Application Data\LimeWire
2008-11-26 08:38 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-25 11:07 --------- d-----w c:\program files\Zylom Games
2008-11-25 11:07 --------- d-----w c:\program files\Generalia Software
2008-11-24 11:26 --------- d-----w c:\program files\Lavasoft
2008-11-24 06:26 90,112 ----a-w c:\windows\DUMP96e1.tmp
2008-11-11 18:10 --------- d-----w c:\program files\Fichiers communs\Nokia
2008-11-11 18:07 --------- d-----w c:\program files\Nokia
2008-11-11 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-11 16:16 --------- d-----w c:\documents and settings\Claude\Application Data\Nokia
2008-11-07 15:03 --------- d-----w c:\documents and settings\Claude\Application Data\AVG7
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:53 --------- d-----w c:\program files\GIMP-2.0
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-14 11:44 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-14 11:44 --------- d-----w c:\program files\DIFX
2008-10-13 16:02 --------- d-----w c:\program files\Windows Live
2008-10-13 06:17 --------- d-----w c:\program files\OXXOGames
2008-10-12 18:00 --------- d-----w c:\program files\SFRWidget
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Favorites
2008-10-12 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-12 14:07 --------- d-----w c:\program files\SDLL
2008-10-12 14:01 --------- d-----w c:\program files\Microsoft Works
2008-10-12 13:59 --------- d-----w c:\program files\Screenseven
2008-10-12 13:55 --------- d-----w c:\program files\Yahoo!
2008-10-12 13:39 --------- d-----w c:\program files\Power IE
2008-10-10 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-09 15:32 --------- d-----w c:\program files\iKlax Media
2008-10-09 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 11:03 --------- d-----w c:\program files\Micro Application
2008-10-07 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-10-07 10:43 --------- d-----w c:\program files\MSXML 6.0
2008-10-07 10:28 --------- d-----w c:\documents and settings\Claude\Application Data\PC Suite
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-03-06 15:48 88 --sh--r c:\windows\system32\EAE8E70877.sys
2008-03-06 16:37 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_14.47.38.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-09 12:04:11 40,768 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 12:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2007-07-18 13:22:19 21,312 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 17:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-11-25 20:22:22 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-12-01 15:40:12 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2007-03-01 09:34:36 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 18:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-11-29 13:41:14 218,065 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-01 16:03:47 218,059 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-01 15:52:18 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-01 15:52:19 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 15:52:19 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 15:59:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_828.dat
+ 2008-12-01 15:59:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a54.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\Malwarebytes' Anti-Malware\catchme.sys []
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys [2006-05-28 18088]
.
Contenu du dossier 'Tâches planifiées'
2005-06-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]
2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{5C79FAFC-5AD7-47BD-882C-49C39D424FDA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVG7\avgw.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Claude\Application Data\Mozilla\Firefox\Profiles\68ic7th5.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\documents and settings\Claude\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:43:31
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1312)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Heure de fin: 2008-12-01 17:45:27
ComboFix-quarantined-files.txt 2008-12-01 16:45:08
ComboFix2.txt 2008-11-29 13:48:46
Avant-CF: 26 422 448 128 octets libres
Après-CF: 26,432,098,304 octets libres
203 --- E O F --- 2008-11-26 21:28:07
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
/!\ Seul ladeck peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
Driver::
Avg7Alrt
Avg7UpdSvc
AVGEMS
Folder::
C:\PROGRA~1\Grisoft\AVG7
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
Driver::
Avg7Alrt
Avg7UpdSvc
AVGEMS
Folder::
C:\PROGRA~1\Grisoft\AVG7
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
ComboFix 08-11-30.02 - Claude 2008-12-01 18:17:28.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.521 [GMT 1:00]
Lancé depuis: c:\documents and settings\Claude\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Claude\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVG7ALRT
-------\Legacy_AVG7UPDSVC
-------\Legacy_AVGEMS
-------\Service_Avg7Alrt
-------\Service_Avg7UpdSvc
-------\Service_AVGEMS
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:27 . 2008-12-01 17:27 396,288 --a------ C:\HijackThis.exe
2008-12-01 16:52 . 2008-12-01 16:52 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\program files\Avira
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-01 08:22 . 2008-12-01 14:47 <REP> d-------- C:\Lop SD
2008-11-29 11:52 . 2008-11-29 12:34 <REP> d-------- c:\program files\Navilog1
2008-11-26 22:27 . 2008-11-26 22:27 1,393 --a------ c:\windows\imsins.BAK
2008-11-25 12:48 . 2008-11-25 12:48 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-25 12:18 . 2008-11-25 12:19 <REP> d-------- C:\Inetpub
2008-11-12 17:36 . 2008-11-12 17:36 <REP> d-------- c:\program files\MSXML 4.0
2008-11-11 19:10 . 2008-11-11 19:10 <REP> d-------- c:\program files\Fichiers communs\PCSuite
2008-11-11 19:07 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-11 19:07 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-11 19:07 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-11 19:07 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-11 19:07 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-11 19:07 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 15:54 --------- d-----w c:\program files\Java
2008-12-01 12:29 --------- d-----w c:\documents and settings\Claude\Application Data\gtk-2.0
2008-11-28 11:22 --------- d-----w c:\documents and settings\Claude\Application Data\LimeWire
2008-11-26 08:38 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-25 11:07 --------- d-----w c:\program files\Zylom Games
2008-11-25 11:07 --------- d-----w c:\program files\Generalia Software
2008-11-24 11:26 --------- d-----w c:\program files\Lavasoft
2008-11-24 06:26 90,112 ----a-w c:\windows\DUMP96e1.tmp
2008-11-11 18:10 --------- d-----w c:\program files\Fichiers communs\Nokia
2008-11-11 18:07 --------- d-----w c:\program files\Nokia
2008-11-11 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-11 16:16 --------- d-----w c:\documents and settings\Claude\Application Data\Nokia
2008-11-07 15:03 --------- d-----w c:\documents and settings\Claude\Application Data\AVG7
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:53 --------- d-----w c:\program files\GIMP-2.0
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-14 11:44 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-14 11:44 --------- d-----w c:\program files\DIFX
2008-10-13 16:02 --------- d-----w c:\program files\Windows Live
2008-10-13 06:17 --------- d-----w c:\program files\OXXOGames
2008-10-12 18:00 --------- d-----w c:\program files\SFRWidget
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Favorites
2008-10-12 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-12 14:07 --------- d-----w c:\program files\SDLL
2008-10-12 14:01 --------- d-----w c:\program files\Microsoft Works
2008-10-12 13:59 --------- d-----w c:\program files\Screenseven
2008-10-12 13:55 --------- d-----w c:\program files\Yahoo!
2008-10-12 13:39 --------- d-----w c:\program files\Power IE
2008-10-10 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-09 15:32 --------- d-----w c:\program files\iKlax Media
2008-10-09 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 11:03 --------- d-----w c:\program files\Micro Application
2008-10-07 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-10-07 10:43 --------- d-----w c:\program files\MSXML 6.0
2008-10-07 10:28 --------- d-----w c:\documents and settings\Claude\Application Data\PC Suite
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-03-06 15:48 88 --sh--r c:\windows\system32\EAE8E70877.sys
2008-03-06 16:37 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_14.47.38.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-09 12:04:11 40,768 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 12:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2007-07-18 13:22:19 21,312 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 17:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-11-25 20:22:22 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-12-01 15:40:12 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2007-03-01 09:34:36 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 18:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-11-29 13:41:14 218,065 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-01 17:23:34 218,059 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-01 15:52:18 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-01 15:52:19 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 15:52:19 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 17:23:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2dc.dat
+ 2008-12-01 17:23:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\Malwarebytes' Anti-Malware\catchme.sys []
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys [2006-05-28 18088]
.
Contenu du dossier 'Tâches planifiées'
2005-06-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]
2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{5C79FAFC-5AD7-47BD-882C-49C39D424FDA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 18:24:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-01 18:30:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-01 17:30:32
ComboFix2.txt 2008-12-01 16:45:31
ComboFix3.txt 2008-11-29 13:48:46
Avant-CF: 26 421 559 296 octets libres
Après-CF: 26,404,061,184 octets libres
241 --- E O F --- 2008-11-26 21:28:07
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.521 [GMT 1:00]
Lancé depuis: c:\documents and settings\Claude\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Claude\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVG7ALRT
-------\Legacy_AVG7UPDSVC
-------\Legacy_AVGEMS
-------\Service_Avg7Alrt
-------\Service_Avg7UpdSvc
-------\Service_AVGEMS
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 17:27 . 2008-12-01 17:27 396,288 --a------ C:\HijackThis.exe
2008-12-01 16:52 . 2008-12-01 16:52 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\program files\Avira
2008-12-01 16:34 . 2008-12-01 16:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-01 08:22 . 2008-12-01 14:47 <REP> d-------- C:\Lop SD
2008-11-29 11:52 . 2008-11-29 12:34 <REP> d-------- c:\program files\Navilog1
2008-11-26 22:27 . 2008-11-26 22:27 1,393 --a------ c:\windows\imsins.BAK
2008-11-25 12:48 . 2008-11-25 12:48 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-25 12:18 . 2008-11-25 12:19 <REP> d-------- C:\Inetpub
2008-11-12 17:36 . 2008-11-12 17:36 <REP> d-------- c:\program files\MSXML 4.0
2008-11-11 19:10 . 2008-11-11 19:10 <REP> d-------- c:\program files\Fichiers communs\PCSuite
2008-11-11 19:07 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-11 19:07 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-11 19:07 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-11 19:07 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-11 19:07 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-11 19:07 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 15:54 --------- d-----w c:\program files\Java
2008-12-01 12:29 --------- d-----w c:\documents and settings\Claude\Application Data\gtk-2.0
2008-11-28 11:22 --------- d-----w c:\documents and settings\Claude\Application Data\LimeWire
2008-11-26 08:38 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-25 11:07 --------- d-----w c:\program files\Zylom Games
2008-11-25 11:07 --------- d-----w c:\program files\Generalia Software
2008-11-24 11:26 --------- d-----w c:\program files\Lavasoft
2008-11-24 06:26 90,112 ----a-w c:\windows\DUMP96e1.tmp
2008-11-11 18:10 --------- d-----w c:\program files\Fichiers communs\Nokia
2008-11-11 18:07 --------- d-----w c:\program files\Nokia
2008-11-11 18:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-11 16:16 --------- d-----w c:\documents and settings\Claude\Application Data\Nokia
2008-11-07 15:03 --------- d-----w c:\documents and settings\Claude\Application Data\AVG7
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:53 --------- d-----w c:\program files\GIMP-2.0
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2008-10-14 11:44 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-14 11:44 --------- d-----w c:\program files\DIFX
2008-10-13 16:02 --------- d-----w c:\program files\Windows Live
2008-10-13 06:17 --------- d-----w c:\program files\OXXOGames
2008-10-12 18:00 --------- d-----w c:\program files\SFRWidget
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Toolbar
2008-10-12 14:25 --------- d-----w c:\program files\Windows Live Favorites
2008-10-12 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-12 14:07 --------- d-----w c:\program files\SDLL
2008-10-12 14:01 --------- d-----w c:\program files\Microsoft Works
2008-10-12 13:59 --------- d-----w c:\program files\Screenseven
2008-10-12 13:55 --------- d-----w c:\program files\Yahoo!
2008-10-12 13:39 --------- d-----w c:\program files\Power IE
2008-10-10 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-09 15:32 --------- d-----w c:\program files\iKlax Media
2008-10-09 11:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 11:03 --------- d-----w c:\program files\Micro Application
2008-10-07 10:47 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-10-07 10:43 --------- d-----w c:\program files\MSXML 6.0
2008-10-07 10:28 --------- d-----w c:\documents and settings\Claude\Application Data\PC Suite
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-07 10:13 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-03-06 15:48 88 --sh--r c:\windows\system32\EAE8E70877.sys
2008-03-06 16:37 3,140 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_14.47.38.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-09 12:04:11 40,768 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 12:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2007-07-18 13:22:19 21,312 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 17:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-11-25 20:22:22 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-12-01 15:40:12 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2007-03-01 09:34:36 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 18:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-11-29 13:41:14 218,065 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-01 17:23:34 218,059 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-01 15:52:18 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-01 15:52:19 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 15:52:19 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-01 17:23:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2dc.dat
+ 2008-12-01 17:23:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-06-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\program files\Malwarebytes' Anti-Malware\catchme.sys []
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys [2006-05-28 18088]
.
Contenu du dossier 'Tâches planifiées'
2005-06-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 12:00]
2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{5C79FAFC-5AD7-47BD-882C-49C39D424FDA}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
2008-12-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 18:24:02
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1324)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Fichiers communs\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\logishrd\LVCOMSER\LVComSer.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-01 18:30:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-01 17:30:32
ComboFix2.txt 2008-12-01 16:45:31
ComboFix3.txt 2008-11-29 13:48:46
Avant-CF: 26 421 559 296 octets libres
Après-CF: 26,404,061,184 octets libres
241 --- E O F --- 2008-11-26 21:28:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:49, on 01/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Scan saved at 18:45:49, on 01/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Précédent
- 1
- 2
- 3
